
Information Security Defense In Depth Lessons (from a Bronze-Age Fort)

What can the Information Age learn about defense-in-depth from a 3,000-year-old Irish fort? Plenty.

By Scott Berinato


Today we build software applications and then security software applications to wrap around them. Not only is this less efficient but it's also not as secure as stitching security into the main application, the way Dun Aengus had security woven into the fabric of what was essentially a small but active city.

Brandish Security. In its time, Dun Aengus's grandeur was a security feature. "You were making a statement to anyone who was thinking about attacking you that you had the best defense and attacking would not be in their best interest," says Cotter. She adds that as much as the defenses were meant to deter you, they were also an offensive, imperial impulse, "sort of like when American jets used to fly into Soviet airspace, because they could."

Companies today rarely brandish information security, perhaps because they have little confidence in it. But letting the world around you know some of the more aggressive steps you're taking to prevent attacks can be a powerful deterrent, especially in a world littered with less secure "forts." Invaders attack the less secure structure.

Control Traffic. Since the architects of Dun Aengus assumed attacks would come, they designed the fort so that attacks would be as difficult as possible. Fort entrances faced downslope, forcing enemies to charge uphill. Doorways were narrow, hard to find and, when you did find them, had high stone thresholds. You couldn't just run through. Once you did get through, more walls would force you to turn right, thus exposing your weapon-carrying arm to attack. If you managed to keep going, you'd eventually reach the massive band of chevaux-de-frise (upturned stones jutting in every direction), which would certainly slow you down. Cotter found that the chevaux-de-frise at Dun Aengus was mapped out with flat stones before it was created, and its distance from the inner enclosure was consistent with chevaux-de-frise at other sites: 40 meters. "Forty meters," Cotter says dramatically, "is a human's missile-throwing range."

The whole fort was a honeypot. If you can't stop 'em, slow 'em down. Yet many information security breaches that result in lost data are a result of perpetrators having free range to explore and attack at will once they get into the network. Notice that the features of Dun Aengus applied to friend and foe equally. Information security needs to treat the network like Dun Aengus and control the traffic at every stop; move people in the way you want them to be moved. Make it as difficult as possible for even an insider to get around and wreak havoc.
