Firewall Wizards mailing list archives

Re: Re: Castles and Security


From: Darren Reed <darrenr () reed wattle id au>
Date: Fri, 5 Jan 2001 18:57:00 +1100 (EST)

In some email I received from Talisker, sie wrote:
[...]
> So where
> are the vulnerabilities in a castle? Someone mentioned spies, they can't
> mount a full on attack they need to get in using a little more stealth,
> disguised as a trusted person or hidden in a delivery. To me they would
> represent a true hacker not daunted by defence in depth.
> Let's also bring into the equation the insider attack and the trojan horse,
> both common problems in security today, again the castle analogy can
> introduce the concept just as a DDOS could be likened to a siege.
>
> As for terrorism and guerilla warfare, they wouldn't attack a castle, it's
> too strong, but they would attack traffic to and from the castle.
>
> The castle analogy isn't perfect but it will help to get some points across
> in infantry English.

Actually, the method of engagement you, as an attacker, use when attacking
a castle is highly dependent on the outcome you desire - much the same can
be said for ``hackers''.  DDoS is *nothing* like a siege, unless you have
very little idea about how a siege really takes place.  For it to be a good
analogy, it'd have to be impossible to dialout from a desktop (for example).
It is too damn easy to bridge around a DDoS attack...well, it may cause some
trouble for web users but who cares about them ? >:-)

So why wouldn't a terrorist attack a castle ?  Why not get inside and put
large amounts of gun powder under key vulnerabilities like the portcullis
or drawbridge or under the King's chair ?

Let's look at it from a different angle.

What do hackers hope to achieve when they attack you ?
- deface your web pages ?  (personal glory for them and shame for you)
- steal credit card information ?
- steal confidential/proprietary information for someone else
- steal confidential/proprietary information for themselves
- to find out what's on the inside
- to 0w|\| you
and last but not least
- to wipe out your data systems (I've not heard of this happening in a
  looooong time, at least by design anyway).

Anything else ?

Of those, only the last is what I'd think of in the same mindset as
attacking a castle.

Those involving just information retrieval are more akin to sending in
a spy - someone goes in as a normal user but tries to get where they
shouldn't be.

I'm struggling to think of a good match for the "owning" scenario.
Maybe they're usurping your command of your army or bribing them ?

Better yet, time to stop with trying to make analogies.

The point I'm making here is that you generally storm a castle as the
means to take it over.  I don't know that anyone has breached a firewall
with the intent to take over a company (maybe I'm just being naive here)
but I can imagine them doing so to find out what's going on inside.
About the best you could come up with in that situation is extortion.
While the defense in depth theory is good, this is bordering on cyber
terrorism, not field/trench combat.

Darren
