Everyone knows that folk tales are a storehouse of wisdom, but not many people think that with their help you can teach children the basics of information security. Often children try to figure something out themselves and end up in dangerous situations. To the question “Why not tell children about cyber threats and how information security works?” parents usually say, "But it's so difficult."
Meanwhile, there is nothing complicated about this: everything was already explained hundreds of years ago. All you need is to focus your child on the right aspects.
Little Red Riding Hood
This is a well-known European folk tale, the plot of which was repeatedly retold by the brothers Grimm, Charles Perrault and many others. Let's take a step-by-step look at what's going on there.
- Mom sends her daughter to her grandmother with pies and a pot of butter.
- Little Red Riding Hood meets the Wolf, who asks: "Where are you going?"
- Little Red Riding Hood replies: "I am going to my grandmother to bring her a basket of pies and a pot of butter."
This is where cybersecurity begins: you can start explaining the handshake process (establishing communication) between two participants and the threats associated with it!
Little Red Riding Hood has a program: knock on the door, receive the request "who is it?" and answer with a passphrase about pies, so that the grandmother authorizes her and grants access to the house. But for some reason she gives out the passphrase before the query “who is there?”, which is what the attacker exploits.
- Depending on the version of the tale, the Wolf either sends Little Red Riding Hood the long way or invites her to collect a bouquet for her grandmother.
Both of these can be regarded as a denial-of-service (DoS) attack. If the Wolf tries to log in to the grandmother’s house after Little Red Riding Hood has arrived, he will most likely not be let in. Therefore, it is important for him to make sure that she cannot complete her basic delivery procedure on time.
- The Wolf is the first to get to Grandma’s house and logs in, responding to the query “who is it?” with the passphrase. Grandmother gives him access to the house.
This is practically a textbook version of the Man in the Middle (MitM) attack: the attacker “passes” the victim’s web traffic “through himself” (possibly by changing the DNS server settings or the hosts file on the victim’s computer or smartphone). While the victim believes that he is working directly with, for example, the website of his bank, the traffic passes through the attacker's intermediate site, which thus receives all the data sent by the user (login, password, PIN, etc.). The Wolf wedges himself into the communication between the two parties, learns the information exchange procedure and the passphrase from the client, and replays the message to simulate authenticity when trying to access the server.
- The wolf eats the grandmother, lies down in her bed and covers himself with a blanket.
- The wolf eats the grandmother, lays down in her bed and is covered with a blanket.
In effect, he is setting up a phishing site, trying to imitate the grandmother. From the door everything looks authentic: it is grandmother’s bed, and someone is lying in it.
- Little Red Riding Hood comes to the house and, at the question "Who is it?", gives out her passphrase about pies.
This is a continuation of the MitM attack. Only now the Wolf, who has learned the second part of the information exchange procedure, imitates the normal behavior of the grandmother server. Little Red Riding Hood, not noticing the trick, authenticates.
- Little Red Riding Hood comes into the house and begins to wonder why her grandmother has such big ears, eyes, teeth ... But in the end, satisfied with the Wolf's vague explanations, she logs in and becomes a victim.
In real life, as in the fairy tale, phishing sites are rarely 100% convincing. Attackers often leave dubious elements, such as a suspicious hyperlink. To avoid problems, you should be careful: say, if the "grandmother" has an overly large domain name, you need to leave this site urgently.
- Lumberjacks (hunters in some versions) come and cut the Wolf open, and the grandmother and Little Red Riding Hood emerge safe and sound.
Here the parallels with information security, as with real life, come to an end.
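The Wolf's trick works because the passphrase is the same on every visit, so an overheard answer can simply be replayed. As an added example (not part of the original article), this Python code contrasts that door with an HMAC challenge-response door; the class names, key and passphrase bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed values for illustration; neither appears in the article.
PASSPHRASE = b"a basket of pies and a pot of butter"
SHARED_KEY = b"constructed-demo-key"


class StaticDoor:
    """The door from the tale: one fixed passphrase opens it every time."""

    def open(self, answer_bytes):
        return hmac.compare_digest(answer_bytes, PASSPHRASE)


class ChallengeDoor:
    """Hardened door: every "who is it?" carries a fresh single-use nonce."""

    def __init__(self, key):
        self._key = key
        self._pending = set()

    def who_is_it(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def open(self, nonce, response):
        if nonce not in self._pending:
            return False  # unknown or already answered challenge
        self._pending.discard(nonce)  # single use, even if the answer is wrong
        return hmac.compare_digest(response, answer(self._key, nonce))


def answer(key, nonce):
    """Visitor side: prove knowledge of the key without saying it aloud."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def run_demo():
    static_replay = StaticDoor().open(PASSPHRASE)  # overheard, then replayed
    door = ChallengeDoor(SHARED_KEY)
    nonce = door.who_is_it()
    resp = answer(SHARED_KEY, nonce)
    return {
        "static_replay_opens": static_replay,
        "legitimate_visit_opens": door.open(nonce, resp),
        "same_exchange_replayed": door.open(nonce, resp),
        "old_answer_new_challenge": door.open(door.who_is_it(), resp),
    }
```

Challenge-response removes the value of an overheard answer; it does not prove to the visitor who is behind the door, which is the phishing half of the tale.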
The Wolf and the Seven Young Goats
Now let's talk about two-factor authentication and biometric protection. The fairy tale “The Wolf and the Seven Little Kids” clearly shows how two-factor authentication works. Let's take a step-by-step look at what really happens here.
- Mom-Goat goes into the forest, warning the kids not to open the door to outsiders. In the Russian version of the tale there is an addition: she asks them to open only after the phrase "Your mother came, brought milk." The Wolf overhears the phrase.
This is an illustration of a password leak. Since mom-Goat and her children talked over an unprotected channel, the Wolf was able to intercept the password to the house and is going to use it to attack the kids.
- The wolf comes to the house and says: "Your mother came, brought milk." But the kids do not open the door for him, because even though the password is correct, the Wolf’s voice does not sound like the voice of mom-Goat.
This is the second factor: to get into the house, it is not enough to know the password. You also need to pronounce it with the correct modulations. In fact, this is a biometric factor. Anyone can find out the password, but only a user with an additional differentiating feature can enter it.
- The wolf goes to the blacksmith and asks him to reforge his voice, after which he again tries to gain access. This time he succeeds.
This is a good example of a trick by which an attacker bypasses authentication that uses a second factor. In this case, he fakes biometric data: the voice. Such a scenario is quite real; fraudsters are already using it. In fact, the fairy tale helps not only to explain to the child what two-factor authentication is, but also to show that biometrics are actually not as reliable as they might seem.
Cybersecurity in other tales
There is an information security subtext in any fairy tale; the main thing is to show it correctly. “Three Little Pigs” is about intruders and brute force attacks (one of the most popular password cracking methods). The Snow Queen plants malicious fragments (exploits) in Kai and takes control of him.
As you can see, a fairy tale is an excellent cybersecurity guide for a child. The main thing is to draw the correct analogy: you can learn a little lesson from almost any fairy tale. You can also learn how to get a job in cybersecurity.