{"id":23304,"date":"2019-09-18T11:37:19","date_gmt":"2019-09-18T15:37:19","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/fairy-tales-red-hood\/23304\/"},"modified":"2020-02-26T19:04:37","modified_gmt":"2020-02-26T17:04:37","slug":"fairy-tales-red-hood","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/fairy-tales-red-hood\/23304\/","title":{"rendered":"Little Red Riding Hood and the Wolf-in-the-Middle"},"content":{"rendered":"<p>How do you explain the concepts of information security to your children? Chances are, you simply don\u2019t. Some give up on making information security relatable and just forbid kids from doing some things online \u2014 or even from using the Internet in general. But prohibition without explanation is counterproductive, more likely spurring children to go after the forbidden fruit.<\/p>\n<p>In answer to the question \u201cWhy not talk to your children about cyberthreats and how information security works?\u201d parents, who may not have the firmest of grasps on the concepts to begin with, tend to get frustrated and give up, and not necessarily in that order. But everything\u2019s already been explained. You might not realize it, but numerous textbooks on cybersecurity for little ones were in fact written hundreds of years ago. You know them as fairy tales. All you need to do is refocus them a little.<\/p>\n<h2>Little Red Riding Hood<\/h2>\n<p>Take, for example, <em>Little Red Riding Hood<\/em>. It\u2019s a well-known <a href=\"https:\/\/en.wikipedia.org\/wiki\/Little_Red_Riding_Hood\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">European folk tale<\/a> that\u2019s been repeatedly retold by such eminent cybersecurity experts as the Brothers Grimm, Charles Perrault, and many others. The various versions of the story may differ slightly, but the basic plot is the same. 
Let\u2019s take a step-by-step look at what happens.<\/p>\n<ol>\n<li>Mom sends her daughter to Grandma with a basket of treats.<\/li>\n<li>Little Red Riding Hood meets the wolf, who asks: \u201cWhere are you going?\u201d<\/li>\n<li>Little Red Riding Hood replies: \u201cI\u2019m going to see Grandma and bring her a basket of treats.\u201d<\/li>\n<\/ol>\n<p>The cybersecurity implications are clear from the start \u2014 here, you can explain the <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/handshake\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">handshake<\/a> procedure, which is the process of establishing communication between two parties, and together observe the related threats.<\/p>\n<p>Now, Little Red Riding Hood has been programmed to knock on Grandma\u2019s door, receive a \u201cWho\u2019s there?\u201d query, and respond with a passphrase about Mom sending treats so that Grandma can proceed with authorization and grant access to the house. But for some reason, she gives out the passphrase to a random request, without having received the proper \u201cWho\u2019s there?\u201d query. That gives the attacker an opening to exploit.<\/p>\n<ol start=\"4\">\n<li>Depending on the version of the <s>firmware<\/s> fairy tale, the wolf either sends Little Red on a detour, or suggests that she pick some flowers for Grandma.<\/li>\n<\/ol>\n<p>Either way, it\u2019s a type of <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/dos-denial-of-service-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">Denial-of-Service<\/a> (DoS) attack. If the wolf tries to log in to Grandma\u2019s house after Little Red Riding Hood\u2019s arrival, it is unlikely to be let in; the one expected visitor is already inside. 
Therefore, it\u2019s important for him to put Little Red out of commission for a while, so that she cannot complete her task on schedule.<\/p>\n<ol start=\"5\">\n<li>Either way, the wolf is the first to reach Grandma\u2019s house and duly logs in, responding correctly to the \u201cWho\u2019s there?\u201d query. And Grandma grants him access to the house.<\/li>\n<\/ol>\n<p>This is a near-textbook version of a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/man-in-the-middle-attack\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">Man-in-the-Middle<\/a> (MitM) attack using the replay attack method (although in our case, <em>Wolf-in-the-Middle<\/em> would be more accurate). The wolf taps into the communication channel between two parties, learns the handshake procedure and passphrase from the client, and reproduces both to illegally gain access to the server.<\/p>\n<ol start=\"6\">\n<li>The wolf gobbles up Grandma, puts on her nightgown and nightcap, and lies in her bed under a blanket.<\/li>\n<\/ol>\n<p>In modern terms, he is setting up a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/phishing\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">phishing<\/a> site. Everything looks authentic from the door \u2014 Grandma\u2019s bed is there, someone resembling Grandma is lying in it.<\/p>\n<ol start=\"7\">\n<li>Having approached the house and received the \u201cWho\u2019s there?\u201d query, Little Red Riding Hood gives the passphrase about the treats she\u2019s brought.<\/li>\n<\/ol>\n<p>This is a continuation of the MitM attack, only now the wolf, who has learned the second part of the information exchange procedure, mimics the normal behavior of <s>the server<\/s> Grandma. 
Little Red, spotting nothing suspicious, logs in.<\/p>\n<ol start=\"8\">\n<li>She enters the house and wonders aloud why Grandma has such big ears, eyes, teeth. Smart questions, but in the end, satisfied with the wolf\u2019s inarticulate explanations, she logs in \u2026 and gets eaten.<\/li>\n<\/ol>\n<p>In real life, as in this fairy tale, phishing sites are rarely 100% convincing and often contain dubious elements, like a suspicious hyperlink. To avoid problems, it pays to be attentive: If, say, Grandma\u2019s domain name is sticking out of her nightcap, leave the site immediately.<\/p>\n<p>Little Red Riding Hood sees some inconsistencies, but unfortunately, she ignores them. Here you\u2019ll have to explain to your child that Little Red\u2019s behavior is careless, and say what she should have done instead.<\/p>\n<ol start=\"9\">\n<li>Fortunately, a group of lumberjacks turn up (or hunters in some versions), cut the wolf open, and Grandma and Little Red Riding Hood pop out, miraculously safe and sound.<\/li>\n<\/ol>\n<p>Admittedly, the parallels with information security are imperfect. You can\u2019t cut open a cybercriminal to restore money, reputation, or security. Well, to be fair, we haven\u2019t tried. And for the record, we are in no way associated with anyone who has.<\/p>\n<h2>Cybersecurity in other fairy tales<\/h2>\n<p>Fairy tales contain life lessons, and there\u2019s bound to be some information security subtext in any fairy tale \u2014 the main thing is to expound correctly. In <em>The Three Little Pigs<\/em>, for example, we see a script kiddie who uses a huff-and-puff tool for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/brute-force\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">brute-force attacks<\/a>. 
<em>The Snow Queen<\/em> installs troll-mirror malware in Kai and takes control of him, much the way a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/rat-remote-access-tools\/\" target=\"_blank\" rel=\"noopener noreferrer\">remote-access tool (RAT)<\/a> gives an insider\u2019s level of system control to an outside criminal.<\/p>\n<p>In turn, <em>Puss in Boots<\/em> is basically a detailed report on a very sophisticated <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/apt-advanced-persistent-threats\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" target=\"_blank\" rel=\"noopener noreferrer\">APT attack<\/a>, in which Puss first hijacks the ogre\u2019s infrastructure, and then, having established a presence there, pulls off a fraudulent deal with the local government through a complex scam involving reputation services.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Folk tales are a fount of wisdom, but not many would use them to teach children the basics of information security.
Well, you could!<\/p>\n","protected":false},"author":700,"featured_media":23305,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2670],"tags":[3008,3219,89,1519,76,97],"class_list":{"0":"post-23304","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-dos","9":"tag-fairy-tales","10":"tag-kids","11":"tag-mitm","12":"tag-phishing","13":"tag-security-2"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/fairy-tales-red-hood\/23304\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/fairy-tales-red-hood\/16674\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/fairy-tales-red-hood\/14067\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/fairy-tales-red-hood\/6521\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/fairy-tales-red-hood\/18643\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/fairy-tales-red-hood\/16715\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/fairy-tales-red-hood\/15431\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/fairy-tales-red-hood\/19330\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/fairy-tales-red-hood\/18022\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/fairy-tales-red-hood\/6458\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/fairy-tales-red-hood\/28707\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/fairy-tales-red-hood\/12369\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/fairy-tales-red-hood\/11213\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/fairy-tales-red-hood\/20237\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/fairy-tales-red-hood\/10213\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.
co.jp\/fairy-tales-red-hood\/24206\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/fairy-tales-red-hood\/24241\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/fairy-tales-red-hood\/23460\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/kids\/","name":"kids"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/23304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/700"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=23304"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/23304\/revisions"}],"predecessor-version":[{"id":26809,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/23304\/revisions\/26809"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/23305"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=23304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=23304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=23304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}