Secplicity – Security Simplified

Be a Security Tech Jedi this May 4th, Will You Be, Hmm?

Over the years, one of WatchGuard’s resident pop culture nerds (as well as the CTO and a renowned cybersecurity expert), Corey Nachreiner, has delved into the world of Star Wars to help teach people about the latest security threats and concepts. This May 4th, we thought it would be fun to revisit his four-part series in GeekWire called, “How to be a tech security Jedi.” While it won’t answer questions like whether Jar Jar Binks was a Sith Lord, who shot first in the Mos Eisley Cantina (Han or Greedo), or why Imperial Stormtroopers miss nearly everything they shoot at, this post will give you some practical security knowledge you can apply in your everyday cyber-battles.

1. First up, “5 Lessons from the original Star Wars series.” This series includes tons of subtle parallels to information security. Here’s an excerpt from one of our favorites: little vulnerabilities can blow up the biggest Death Star.

“Everyone remembers the exciting conclusion to A New Hope. Skywalker was able to perfectly launch a pair of X-Wing proton torpedoes into a little thermal exhaust port in the Death Star, blowing it to smithereens. This little tunnel was the tiny Achilles heel of the heavily reinforced, planet-sized battle destroyer called the Death Star.

This concept applies to cyber security as well. Sometimes the smallest vulnerabilities in the most niche software can lead to the chain of events that allow malicious attackers to gain complete control of a network. Many IT professionals have stories about finding old, unpatched, and forgotten servers on their network, which were exposed to the public. Hackers might take advantage of little vulnerabilities in these forgotten servers to gain a foothold into the network, and leverage them as a stepping-stone for gaining complete control. Don’t end up like the Death Star. Patch even your smallest vulnerabilities.”

Read the entire GeekWire article here.

2. Next we look at “6 Lessons from the Star Wars Prequel Movies.” Although the prequel trilogy is often panned for its poor acting, weak characters and cheesy dialog, it still provides great fodder when viewed through a cybersecurity lens. For example, learning from Padmé’s Honeypot.

“This title might sound a bit risqué, but hear me out. Padmé was an adept security expert! A big reveal from the first movie was that “Queen Amidala” was a decoy, and that one of her “handmaidens” was actually the true Queen of Naboo. Padmé realized that she was at risk, so her security team assigned a bodyguard to impersonate her. During an assassination attempt, the attacker would go after the wrong person, giving Padmé the opportunity to identify the attack, and react or escape.

This is a great example of what the security industry calls a honeypot. Originally designed as a security research tool, honeypots are systems that pretend to be legitimate, but are actually designed to lure in hackers. They offer a safe way to attract malware and attacks for analysis that informs the creation of new defenses. Lately, however, organizations are starting to use honeypots to both deflect attacks from their real targets, and as a “canary in a coal mine” that informs you if you’ve been breached. Companies hoping to protect their vital assets should consider some of the new forms of deception defenses like honeypots.”

Read the entire GeekWire article here.

3. Star Wars fans rejoiced with the release of The Force Awakens. Rey gave fans what they’d been craving for decades – a powerful female hero – and Dark Siders finally got an antagonist (in Kylo Ren) that could live up to the legend of Vader. In this article, Corey looked at “Three Security Lessons from The Force Awakens.” One of our favorite tips is unlocking your lightsaber with biometrics.

“After the main characters, Rey and Finn, meet Han Solo, he takes them to the planet of Takodana to meet Maz Kanata. There, Rey begins hearing screams and having visions, which draw her to the basement where she eventually finds Luke Skywalker’s lightsaber. Upon touching the lightsaber, she has even more visions, as though she unlocked the device at her touch. Kanata says that Skywalker’s saber is calling to her.

While it probably works differently in fantasy worlds that have The Force, in the real world, having a device tuned to unlock at your touch is called biometrics. As the infosec community is continuing to realize how bad most users’ password practices are, biometrics have become a popular mechanism for authentication. Biometric authentication is both convenient and relatively secure. Individual biometric tokens, such as fingerprints or retinas, really are unique and complex, making them challenging for attackers to copy. Additionally, this method is much easier than trying to remember a long complex password, let alone 50 complex passwords for all of your accounts.

Having said that, I want to warn you that real biometrics are probably not as infallible as The Force is at identifying people. There have already been many documented cases of hackers pulling fingerprints and using them to create gel-like copies that fool fingerprint readers. Worse yet, we can’t get new fingerprints or retinas, so if they are compromised, we can’t replace them.

So what’s the Jedi advice here? Biometric authentication is a great form of security, but only as an additional token of authentication. Biometrics should be an additional security layer, not a replacement for passwords. If you pair your normal password with a biometric credential, your login will remain Sith resilient.”

Read the entire GeekWire article here.

4. And finally, while we all eagerly await the release of The Rise of Skywalker, let’s look at the most recent trilogy installment with “Three Lessons from Star Wars: The Last Jedi.” One of Corey’s top tips here: Never trust a criminal master hacker.

“One of the side quests in “The Last Jedi” involved Finn and Rose having to break into Snoke’s Supremacy Mega-class Star Destroyer in an attempt to disable the tracking device that is preventing Rebel ships from jumping undetected to a mystery location. In order to infiltrate the Supremacy, they needed to recruit the help of a “master cracker,” who could crack the right codes to get their ship past the Supremacy’s significant defenses. They do end up finding a charismatic, stuttering criminal called DJ, who sneaks them past The First Order’s defenses, and gets them to the tracking device. However, that’s where they also learn that DJ sold them out to the highest bidder, turning them over to General Hux and leaking the Rebels’ ultimate escape plan.

This reminds me that you can never trust criminals. Lately, Ransomware has become one of the most successful malware campaigns for cyber criminals. According to some reports, at least one third of victims end up paying the ransom. This has led many victims to become comfortable with ransomware that seems to “work.””

Read the entire GeekWire article here.

Want more Star Wars cybersecurity tips? Check out Corey’s breakdown of several security lessons you can learn from Rogue One here. And of course, May the 4th be with you!
