What really sank (or, to be more precise, exploded) the Death Star wasn’t the usual suspects of Rebel scum, engineering incompetence or even the inevitable triumph of good over evil. Instead, explained Kellman Meghu, a series of common infosec missteps made by Darth Vader, then the acting Chief Security Officer, doomed the ultimate battle station: In an age of consistent, ongoing penetration attempts long ago and far, far away, only the eternally vigilant and over-prepared lived to fight another day.
Kellman, speaking at Security BSides San Francisco 2012, admitted that the erstwhile Anakin got a few things right, particularly when it comes to understanding the threat of data leakage.
“He knew what was important to his business, which is really quite impressive,” he said, stating that a lot of major companies he works with have no idea what is in their data inventory, nor what matters if it were to escape.
Kellman also lauded how well Darth Vader monitored, logged and actually responded to threats: When the Death Star blueprints were leaked by Bothans, he immediately assembled a tactical team to deal with the data breach. Compare that to how often data leaks out through thumb drives or unsecured laptops and the only notification occurs when the data is posted publicly.
Vader also did an admirable job following through on the seriousness of the threat, marshaling resources to help investigate the breach and respond appropriately.
But at the end of the day, the Death Star was destroyed (twice) and Vader rather dramatically resigned, as is often the case with CSOs after a major data breach.
It didn’t have to end that way, though. Kellman offered some straightforward advice every security Padawan could take to heart and that might have helped Vader ensure a long, happy retirement on a pleasure barge instead of a tragic death at what should have been the middle of an illustrious reign.
Encrypt, Encrypt, Encrypt
While the Death Star gets points for physical security, encrypting sensitive data and using strong key management might have prevented a certain two protocol droids from accessing the Empire’s confidential data from the beginning. Not encrypting everything is no longer an acceptable practice: The fate of the galaxy depends on it.
Be Proactive, Not Reactive
Kellman pointed out that while the Empire’s monitoring of infosec threats was generally great, it did a really poor job of proactively addressing those threats. How much good does it do the Empire to know that the two protocol droids have leaked data if there’s nothing to stop them from hiding in the deserts of Tatooine? Stopping data from ever leaving the premises is almost infinitely easier than trying to track it down and retrieve it once it’s public.
Avoid single points of failure
Strategically, the Empire made a big bet on the Death Star platform. And the Death Star was an effective weapon of fear. But just like when the Amazon Empire’s S3 goes down, it’s best to ensure redundancy and high availability, whether it’s allowing access to a private network, serving up pictures of LOLcats or raining down death from above.
Remember the Droids, DROIDs and other Devices
Kellman points out that, in the Trilogy’s opening scene, Vader’s landing party notices an escape vessel departing the ship but takes no action, since no life forms were present on it. At this year’s RSA, Bring Your Own Device (BYOD) policies have been a hot topic, and I like to think that Darth Vader’s response team would have been better prepared to understand the threat that unknown devices, particularly droids with shady previous owners, pose to the modern enterprise. The same is true of all employee- (and even corporate-) owned devices: Each presents a new avenue for data leakage, whether it’s Death Star schematics, Social Security numbers or the latest financial projections.
Authenticate early and often
Finally, the Empire’s authentication systems were in shambles. The capture of the Millennium Falcon aboard an Empire vessel should have marked a turning point, but because the Empire used only a weak, single-factor authentication system (Do they look like a Storm Trooper? Permission granted.), the band of rebels was able not only to escape but to gain command of the entire Empire’s data network as well as physical access to its most sensitive areas.
Again and again, weak authentication works against the Empire’s efforts to contain data leakage. Kellman imagines how abruptly the series would have ended if even basic measures had been taken: With the trash compactor closing in on the rebels, R2-D2 tries brute-forcing administrative passwords for the garbage collection admin interface, only to be locked out, and Han Solo becomes just another snack for the Death Star’s friendly Dianoga.
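The lockout Kellman describes is a basic control worth seeing in code. The following is an added example written for this post, not code from the talk or from Check Point: a small failed-login guard that counts failures per account over a time window, locks the account after a threshold, and unlocks it only once the lockout period has passed. The policy numbers (five failures in ten minutes, a fifteen-minute lockout), the account name and the injectable clock are all assumptions made for the example.

```python
"""Failed-login lockout guard (added example; policy values are assumed)."""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumed policy: failures tolerated within the window
FAILURE_WINDOW = 600    # assumed policy: seconds over which failures are counted
LOCKOUT_SECONDS = 900   # assumed policy: how long a locked account stays locked
PBKDF2_ROUNDS = 100_000


def _derive(password, salt):
    # Slow, salted hash so stored credentials are not directly reversible.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_credential(password):
    """Return (salt, hash) for storing a password; never store the password itself."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


# Dummy credential used for unknown accounts so a guess against a non-existent
# account costs the same time as one against a real account.
_DUMMY_SALT, _DUMMY_HASH = make_credential("placeholder-for-unknown-accounts")


class LockoutGuard:
    """Checks passwords and locks an account after repeated failures."""

    def __init__(self, credentials, clock=time.time):
        self._creds = dict(credentials)   # account -> (salt, hash)
        self._clock = clock               # injectable so tests can advance time
        self._failures = {}               # account -> timestamps of recent failures
        self._locked_until = {}           # account -> time the lockout expires

    def is_locked(self, account):
        return self._clock() < self._locked_until.get(account, 0.0)

    def attempt(self, account, password):
        """Return "ok", "denied" or "locked" for one login attempt."""
        now = self._clock()
        if self.is_locked(account):
            # A locked account rejects even the correct password until it expires.
            return "locked"
        rec = self._creds.get(account)
        salt, expected = rec if rec is not None else (_DUMMY_SALT, _DUMMY_HASH)
        valid = hmac.compare_digest(_derive(password, salt), expected) and rec is not None
        if valid:
            self._failures.pop(account, None)   # success resets the failure count
            return "ok"
        # Keep only failures inside the window, then record this one.
        recent = [t for t in self._failures.get(account, []) if now - t < FAILURE_WINDOW]
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            self._failures.pop(account, None)
        else:
            self._failures[account] = recent
        return "denied"


if __name__ == "__main__":
    # Constructed demo: five wrong guesses lock the (assumed) admin account.
    guard = LockoutGuard({"garbage-admin": make_credential("correct-passphrase")})
    for i in range(MAX_FAILURES):
        print(guard.attempt("garbage-admin", f"guess-{i}"))
    print(guard.attempt("garbage-admin", "correct-passphrase"))  # locked
```

The guard deliberately counts failures against unknown account names too, so an attacker cannot tell a real account from a fake one by whether the lockout trips. Whether to lock by account, by source address, or both is a policy choice; locking only by account lets a brute-forcer cause denial of service for legitimate users, so production systems usually combine it with per-source rate limiting.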
Kellman Meghu has been consulting on information security projects since the mid-90s and he is currently head of security engineering at Check Point Software, although his critique of the Empire (not a current customer) is purely his own and does not represent the views of Check Point. He blogs at kill -HUP, and you can follow his exploits on Twitter at @Kellman.
Once again, as part of larger RSA coverage, I managed to sneak out to the highly enjoyable Security BSides series. Read last year’s coverage of Davi Ottenheimer’s talk, or learn more about BSides, a free unconference around the world, at SecurityBSides.com.