Home » Data Protection » Network Security

Information Security Defense In Depth Lessons (from a Bronze-Age Fort)

What can the Information Age learn about defense-in-depth from a 3,000-year-old Irish fort? Plenty.

By Scott Berinato

Page 2

Compare that to today, when many damaging worms succeed simply because ports, the virtual equivalent of doorways, are unnecessarily left open.

Sometimes Security Must Trump Efficiency. Dun Aengus's location was highly inconvenient for people whose business was the business of survival. Fishing and trading (requiring access to boats) meant long trips down the sloped land, far from the protection of the fort (and then long trips back); the lack of a fresh water supply forced inhabitants to collect rainwater; metals and other raw materials used to make tools and weapons, or jewelry and other goods for trading, were mined far away and then transported to be forged or crafted locally.

Why did they make it so hard on themselves? Security. It is, after all, part of the business of survival. The inconveniences of the site are offset by the security it creates (more cost-benefit risk management). The Aran Islands, Cotter says, required particular attention to security because they lay on the frontier between Connaught and Munster, and thus were prone to attack from both sides. Dun Aengus itself sits on Inis Mór's high ground, allowing for the longest sight lines for spotting potential invaders; it was built on the precipice of a 300-foot cliff, literally sheering off an important potential attack route. The hilly topography allowed terracing of walls so that the walls towered over people approaching from the outside but only reached the defenders' waists, allowing easy aiming and firing. "Always have the high ground," Cotter says. "It's actually a good rule for life."

In today's information world, security consistently loses to every conceivable efficiency or convenience. The high ground of the Internetvisibility beyond the perimeteris rarely taken. Applications are built as rapidly as possible, shoved onto the network landscape wherever they fit, and secured only afterward, when vulnerabilities are discovered. In the Bronze Age, people could accept the sacrifice of some efficiency if it benefited security.

Build Secure Structures, Not Security Structures. "Dun Aengus would have been a center of Bronze Age life, a tribal capital," Cotter says. Seasonal rituals, important feasts, administrative tasks, forging, trading and any number of other daily activities all transpired inside the fort. Yes, sometimes security trumped efficiency, but security was not the application, rather one woven in with many others. So while the outer enclosure made attacking the fort harder, it also created a space for secure commerce, for cattle and sheep grazing, for forging bronze (and, later, iron), and for trading. The site also faces southwest so that, on a clear day, Cotter says, you can see 75 miles down the Irish coastline. That gives locals fair warning if marauders approach, but it also would allow elites to establish sovereignty over what was a primary trading highway.