Everyone knows that folk tales are a storehouse of wisdom, but few people realize that they can also be used to teach children the basics of information security. Children often try to figure things out for themselves and end up in dangerous situations. Asked "Why not tell children about cyber threats and how information security works?", parents usually say, "But it's so difficult."
Meanwhile, there is nothing complicated about it: everything was already explained hundreds of years ago. All you need to do is draw your child's attention to the right aspects.
Take Little Red Riding Hood, a well-known European folk tale whose plot was retold many times by the Brothers Grimm, Charles Perrault and many others. Let's take a step-by-step look at what's going on there.
This is where cybersecurity begins: you can start by explaining the handshake (the process of establishing communication) between two participants and the threats associated with it!
Little Red Riding Hood has a program: knock on the door, receive the request "who is it?" and answer with a passphrase about pies, so that grandmother authorizes her and grants access to the house. But for some reason she gives out the passphrase before the query "who is there?", which is what the attacker exploits.
Both of these can be regarded as a denial-of-service (DoS) attack. If the Wolf tries to log in to the grandmother's house after Little Red Riding Hood has arrived, he will most likely not be let in. It is therefore important for him to make sure that she cannot complete her basic delivery procedure on time.
This is practically a textbook version of the Man-in-the-Middle (MitM) attack: the attacker passes the victim's web traffic "through himself" (possibly by changing the DNS server settings or the hosts file on the victim's computer or smartphone). While the victim believes that he is working directly with, for example, his bank's website, the traffic passes through the attacker's intermediate site, which thus receives all the data sent by the user (login, password, PIN, etc.). The Wolf wedges himself into the communication between the two parties, learns the information exchange procedure and the passphrase from the client, and then replays the message to appear authentic when trying to access the server.
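The difference between the tale's fixed passphrase and a door that first issues a fresh challenge can be shown in a few lines. This is an added example, not part of the original article; the class names, the shared secret and the HMAC-based reply are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SHARED_SECRET = b"pies-and-a-pot-of-butter"  # constructed sample value


def answer(secret, nonce):
    # Visitor's reply: a MAC over the fresh nonce; the secret itself is never spoken.
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class StaticDoor:
    # The tale's protocol: one fixed passphrase opens the door every time.
    def __init__(self, passphrase):
        self._passphrase = passphrase

    def knock(self, spoken):
        return hmac.compare_digest(spoken, self._passphrase)


class ChallengeDoor:
    # Hardened variant: "who is there?" carries a random single-use nonce.
    def __init__(self, secret):
        self._secret = secret
        self._pending = set()

    def who_is_there(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def knock(self, nonce, response):
        if nonce not in self._pending:
            return False  # unknown or already-used challenge
        self._pending.discard(nonce)
        return hmac.compare_digest(response, answer(self._secret, nonce))


def replay_outcomes():
    # Returns (legit_ok, static_replay_ok, challenge_replay_ok).
    static_replay_ok = StaticDoor(SHARED_SECRET).knock(SHARED_SECRET)  # overheard phrase
    door = ChallengeDoor(SHARED_SECRET)
    n1 = door.who_is_there()
    r1 = answer(SHARED_SECRET, n1)          # this exchange is overheard
    legit_ok = door.knock(n1, r1)
    n2 = door.who_is_there()                # eavesdropper is given a fresh nonce
    challenge_replay_ok = door.knock(n2, r1) or door.knock(n1, r1)
    return legit_ok, static_replay_ok, challenge_replay_ok
```

A fresh challenge defeats a recorded reply, but it does not help when the visitor is talking to a fake grandmother or when the attacker relays messages live; for that the door has to prove its identity to the visitor as well.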
In effect, he sets up a phishing site, trying to imitate the grandmother. From the door everything looks authentic: grandmother's bed, with someone lying in it.
This is a continuation of the MitM attack. Only now the Wolf, who has learned the second part of the information exchange procedure, imitates the normal behavior of the grandmother's server. Little Red Riding Hood, not seeing the trick, logs in.
In real life, as in the fairy tale, phishing sites are rarely 100% convincing. Attackers often leave dubious elements, such as a suspicious hyperlink. To avoid problems, you should be careful: say, if the "grandmother" has too large a domain name, you need to leave the site immediately.
Here, however, the parallels with information security, as with real life, come to an end.
Now let's talk about two-factor authentication and biometric protection. The fairy tale "The Wolf and the Seven Little Kids" clearly shows how two-factor authentication works. Let's take a step-by-step look at what really happens here.
This is an illustration of a password leak. Since the mother Goat and her children talked over an unprotected channel, the Wolf was able to intercept the password to the house and is going to use it to attack the kids.
This is the second factor: to get into the house, it is not enough to know the password. You also need to pronounce it with the correct modulations. In fact, this is a biometric factor. Anyone can find out the password, but only a user with an additional distinguishing feature can enter it.
This is a good example of a trick by which an attacker bypasses authentication that uses a second factor. In this case, he fakes biometric data: the voice. Such a scenario is quite real; fraudsters are already using it. In fact, the fairy tale helps not only to explain to a child what two-factor authentication is, but also to show that biometrics are not as reliable as they might seem.
There is an information security subtext in any fairy tale; the main thing is to bring it out correctly. "Three Little Pigs" is about intruders and brute-force attacks (brute force is one of the most popular password-cracking methods). The Snow Queen plants malicious fragments (exploits) in Kai and takes control of him.
As you can see, a fairy tale is an excellent cybersecurity guide for a child. The main thing is to draw the right analogy: a small lesson can be learned from almost any fairy tale. You can also learn how to get a job in cyber security.