Medieval castle model
One way to conceive of cyber security is to use the analogy of a medieval castle. The castle walls and the moat correspond to the firewall, with the drawbridge allowing permitted visitors inside. The sentries patrolling the ramparts represent the anti-virus software on the lookout for suspicious events. A Distributed Denial of Service attack would be analogous to a siege engine lobbing boulders.
As in all good Hollywood movies there is a secret way into the castle - maybe a tunnel, a postern gate or a small iron grille over a sewer - which is known only to the people who built it. This is the software ‘backdoor’ created by the original coders of the system which still exists but has been forgotten about.


Send out the scouts
Outside the castle walls, an invisible enemy is lurking behind some hills. It’s probably worth sending some scouts out to find out what they are up to. In the cyber world this is called cyber threat intelligence. This involves hiring some experts to search the dark web looking for indications that you might be a target of a planned attack. Also bear in mind that the wagons bringing essential goods into your castle are a vulnerable element. In the Hollywood movie, the enemy hijack the wagons and enter the castle in disguise. In a cyber context, this is known as a Trojan attack, named after the Trojan horse that concealed Greek warriors in the Iliad.
The king in the keep
Inside the castle, there are locked storerooms and maybe some golden treasure in a strong room. The locks on these rooms are called endpoint security software in an IT context, providing an extra level of protection to individual devices. Sitting in the keep is the King, who seems impressively well protected by all these defensive layers. Indeed, it would take a powerful ‘brute force’ attack to break through them all. In the cyber world, a brute force attack is a trial-and-error method of cracking passwords, in which automated software tests every possible combination in turn.
Brute force attacks take a lot of time and computing power, just like the siege engines that throw boulders to knock down the castle walls. But there are simpler ways of getting the King to surrender than destroying the ramparts. In the Hollywood movie, it would be a non-physical attack of some sort - a trusted courtier turning traitor, a letter that causes a change of mind or a psychological trick that completely saps morale. In the cyber world this would be a phishing attack - an email that fools the CEO into giving up their password.