Information Security Defense In Depth Lessons (from a Bronze-Age Fort)

In the summer of 2004, Internet guru Vint Cerf proclaimed that the Internet is moving from its Stone Age to its Iron Age. Soon after, Internet guru Paul Mockapetris slightly altered that sentiment and said that, at best, the Internet has reached a figurative Bronze Age, which filled the two millennia between the Stone and Iron Ages.

Still, the two gurus were making the same point: In no time, today’s Net will be an antediluvian relic, replaced by an unimaginably advanced network that controls all communication everywhere. Cerf talked about connecting the Internet to other planets. Mockapetris told the BBC, “Ten years from now, we will look back at the Net and think, How could we have been so primitive?”

Primitive? Bronze Age? Well, not exactly. After digging a little—and talking to an archaeologist who dug a lot—we discovered that our ancestors from the literal Bronze Age were, in fact, quite sophisticated, at least when it comes to security. In many ways, their security philosophies and designs were smarter and more efficient than ours today.

To see a modern equivalent of the physical fort, read ’19 ways to build physical security into your data center’

To prove it, we offer Dun Aengus, an awe-inspiring hill-fort on Inis Mor, one of the Aran Islands, off the west coast of Ireland. The fortified structure there dates to the Bronze Age, 3,000 years ago, and it was used at least up through the late medieval period, past the year 1000. We will examine features from the fort that were built at many stages of its working life—some as early as 1100 B.C. and others as late as the year 800. These features helped keep Dun Aengus both secure and productive for thousands of years. We also invite you to enjoy the site’s magnificence—which is itself a security feature. (We’ll explain.)

Irish archaeologist Claire Cotter led the most important digs at Dun Aengus and has graciously offered her knowledge from those efforts, as well as her knowledge of defensive structures in ancient fortifications in general. All photos in this article are courtesy of Claire Cotter.

If the Internet is primitive, then its security is prehistoric. Cerf’s and Mockapetris’s future visions of the Internet will rely on that changing. Read on to see what Bronze Age wisdom Dun Aengus can impart that will help security evolve in the Digital Age.

Reinforce Brute Defense at Most Strategic and Weakest Points The Inner Enclosure is the fort’s most strategic locale. It housed elites and protected the most valuable goods, including amber, trading beads, and bronze. Cotter found bronze hoards cliffside in the inner enclosure. The upper classes buried these valuables—collections of swords, armor, rings and so forth—as offerings to the gods, but also to control the circulation of bronze, the most important currency, much the way the government controls money today.

Naturally, the walls protecting the Inner Enclosure were the strongest—up to 21 feet thick. Entrances are vulnerable too, so walls were thickened there. Also, an extra wall was erected on the west, where the outer wall was closest to the inner enclosure and therefore provided the shortest attack route. In other words, Dun Aengus’s architects were assessing risk.

Picture’s worth 1,000 words? Then you’ll like The Illustrated Guide to Security, featuring dynamic visual presentation of a dozen critical security issues [CSO Insider registration required]

Yet research shows designing corporate networks based on risk management is still relatively rare today.

Open Your Perimeter Only When and Where Necessary. Dun Aengus ranges over 14 acres; if laid out in a straight line, its walls would stretch more than a mile. Yet Cotter says there would have been only one or two doorway openings in the walls. In terms of security, entrances are obviously weaknesses since they require the least effort to penetrate. Fewer portals meant fewer weak points, or, if you prefer, vulnerabilities.

Compare that to today, when many damaging worms succeed simply because ports, the virtual equivalent of doorways, are unnecessarily left open.

Practice Defense-in-Depth. Archaeologists have used the term defense-in-depth for decades to describe the obstacles erected to thwart attacks. At Dun Aengus, the most spectacular layer of defense was a band of chevaux-de-frise—upturned stones jutting in every direction that made passage by horses impossible and passage by foot unlikely—that completely surrounded the middle and inner enclosures. But it’s instructive that this is just one of several kinds of defenses at the fort. [Chevaux-de-frise photo courtesy Clair Cotter.]

Viking marauders running up a hill to take a fort would have to survive a series of defenses, arrayed in sequence: berms, ditches, outer walls, chevaux-de-frise, more ditches, walls, pallisades (tall, spiky wooden fences) and more walls.

Infosecurity professionals practice some defense-in-depth, but a key lesson from Dun Aengus is the variety of defenses. Today, several firewalls might equal several layers of security, but that’s only one kind of defense repeated. Bronze Age architects made sure different tools and skills would be required at every stop to slow down an attack and therefore improve the ability to counterattack.

Sometimes Security Must Trump Efficiency. Dun Aengus’s location was highly inconvenient for people whose business was the business of survival. Fishing and trading (requiring access to boats) meant long trips down the sloped land, far from the protection of the fort (and then long trips back); the lack of a fresh water supply forced inhabitants to collect rainwater; metals and other raw materials used to make tools and weapons, or jewelry and other goods for trading, were mined far away and then transported to be forged or crafted locally.

Why did they make it so hard on themselves? Security. It is, after all, part of the business of survival. The inconveniences of the site are offset by the security it creates (more cost-benefit risk management). The Aran Islands, Cotter says, required particular attention to security because they lay on the frontier between Connaught and Munster, and thus were prone to attack from both sides. Dun Aengus itself sits on Inis Mór’s high ground, allowing for the longest sight lines for spotting potential invaders; it was built on the precipice of a 300-foot cliff, literally sheering off an important potential attack route. The hilly topography allowed terracing of walls so that the walls towered over people approaching from the outside but only reached the defenders’ waists, allowing easy aiming and firing. “Always have the high ground,” Cotter says. “It’s actually a good rule for life.”

In today’s information world, security consistently loses to every conceivable efficiency or convenience. The high ground of the Internet—visibility beyond the perimeter—is rarely taken. Applications are built as rapidly as possible, shoved onto the network landscape wherever they fit, and secured only afterward, when vulnerabilities are discovered. In the Bronze Age, people could accept the sacrifice of some efficiency if it benefited security.

Build Secure Structures, Not Security Structures. “Dun Aengus would have been a center of Bronze Age life, a tribal capital,” Cotter says. Seasonal rituals, important feasts, administrative tasks, forging, trading and any number of other daily activities all transpired inside the fort. Yes, sometimes security trumped efficiency, but security was not the application, rather one woven in with many others. So while the outer enclosure made attacking the fort harder, it also created a space for secure commerce, for cattle and sheep grazing, for forging bronze (and, later, iron), and for trading. The site also faces southwest so that, on a clear day, Cotter says, you can see 75 miles down the Irish coastline. That gives locals fair warning if marauders approach, but it also would allow elites to establish sovereignty over what was a primary trading highway.

Today we build software applications and then security software applications to wrap around them. Not only is this less efficient but it’s also not as secure as stitching security into the main application, the way Dun Aengus had security woven into the fabric of what was essentially a small but active city.

Brandish Security. In its time, Dun Aengus’s grandeur was a security feature. “You were making a statement to anyone who was thinking about attacking you that you had the best defense and attacking would not be in their best interest,” says Cotter. She adds that as much as the defenses were meant to deter you, they were also an offensive, imperial impulse, “sort of like when American jets used to fly into Soviet airspace—because they could.”

Companies today rarely brandish information security—perhaps because they have little confidence in it. But letting the world around you know some of the more aggressive steps you’re taking to prevent attacks can be a powerful deterrent, especially in a world littered with less secure “forts.” Invaders attack the less secure structure.

Control Traffic. Since the architects of Dun Aengus assumed attacks would come, they designed the fort so that attacks would be as difficult as possible. Fort entrances faced downslope, forcing enemies to charge uphill. Doorways were narrow, hard to find and, when you did find them, had high stone thresholds. You couldn’t just run through. Once you did get through, more walls would force you to turn right, thus exposing your weapon-carrying arm to attack. If you managed to keep going, you’d eventually reach the massive band of chevaux-de-frise (upturned stones jutting in every direction), which would certainly slow you down. Cotter found that the chevaux-de-frise at Dun Aengus was mapped out with flat stones before it was created, and its distance from the inner enclosure was consistent with chevaux-de-frise at other sites—40 meters. “Forty meters,” Cotter says dramatically, “is a human’s missile-throwing range.”

Also see ‘4 things the Roman Aqueducts can teach us about securing the power grid’ by Michael Assante and Mark Weatherford

The whole fort was a honeypot. If you can’t stop ’em, slow ’em down. Yet many information security breaches that result in lost data are a result of perpetrators having free range to explore and attack at will once they get into the network. Notice that the features of Dun Aengus applied to friend and foe equally. Information security needs to treat the network like Dun Aengus and control the traffic at every stop; move people in the way you want them to be moved. Make it as difficult as possible for even an insider to get around and wreak havoc.

Prepare for the Unknown. One of the challenges of information security today is that new attacks are constantly being invented. Part of defending networks is defending against unknown adversaries. We like to think this is a thoroughly modern problem.

Yet, every day at Dun Aengus the sun would sink behind the crisp horizon of the vast sea, “and they literally didn’t know what, if anything, was behind the sun, and what may come from beyond to attack them,” Cotter says, imagining Bronze Age souls sitting at the cliff’s precipice, staring out in wonder.

“And they prepared in that way. Knowing they had to defend against the unknown. Knowing,” she says in a diluted County Cork accent, “there be monsters!”