Sorry Han, When it Comes to Security, You Need to Know the Odds
Star Wars is a cultural phenomenon. For the past 40+ years audiences from all around the world have become enthralled with the characters, the story, and the technology that existed a long time ago in a galaxy far, far away. Who knew that it was also a wonderful lesson in modern IT security? For today’s blog, we look at three situations that happened in Star Wars: A New Hope; and, how, if proper IT strategies were put in place, the Empire would have been able to protect its greatest asset.
A Little Background
For those of you who have spent your lives living on Dagoba and haven’t seen the original Star Wars movie, subsequently titled, A New Hope, the story follows a young pilot named Luke Skywalker, whose guardians are murdered by soldiers of the Imperial Army, who were looking for two droids Luke’s Uncle Owen purchased. With the help of an old hermit, Obi Wan “Old Ben” Kenobi, Luke sets out to join the rebellion led by Luke’s sister Leia (although they don’t know they are related).
The Empire has developed a new type of battlestation called the Death Star, which is a moon-sized behemoth equipped with a Superlaser, which was soon used to obliterate first Jedha City (Rogue One) and eventually, Leia’s (adopted) home planet of Alderaan. Knowing that having a weapon with that kind of destructive power would be the end of the rebellion that was underway by a pro-democratic coalition called the Alliance to Restore the Republic (or Rebel Alliance). The plot of A New Hope centers around the rebellion attempt to neutralize the Imperial’s Death Star.
A team consisting of former smuggler Han Solo, the Wookie Chewbacca, serial-whiner Luke Skywalker, Jedi Obi Wan Kenobi, and two droids C-3PO and R2-D2 set out to save Princess Leia Organa from a cell on the Death Star. Today, we’ll take a look at how the Empire's security procedures made it possible for the rebellion to get Leia out of there, while simultaneously destroying the battlestation and throwing the Empire into chaos.
Star Wars - Obi Wan Kenobi was a wanted man by the Empire after he defeated Anakin in a duel on Mustafar (Revenge of the Sith), so even though it was decades later, he would have to be careful. When he’s stopped by Imperial Stormtroopers, he was able to use the Jedi Mind Trick to spoof their thoughts and get past the checkpoint.
Real World - Having a thoroughly controlled authentication protocol is an important part of keeping your data and infrastructure secure. Passwords, biometrics, and other forms of authentication have to both work for the users, while also being complex enough to keep unwanted parties out.
A Complete Lack of Segmentation and Lack of System Encryption
Star Wars - Once the team gets to the Death Star, they gain access to a control room where the droids begin to access the Death Star’s system. As soon as he’s hooked up, R2-D2 has complete access to the whole entire network without any form of authentication or protection.
Real World - Having some segmentation to your network allows you to pick and choose who can access certain information and who can’t. No matter who can access information, your network data needs to be encrypted to ensure that just anyone can’t access all the sensitive information on it.
Ignoring CISO at Great Peril
Star Wars - The Admiralty of the Imperial Army did not want to hear that there was a possibility that the rebels had found, and could execute sabotage, on a vulnerability. So much so that Grand Moff Tarkin scoffed when he was approached about the potential vulnerability to the battle station. Nothing was done with that information and it resulted in the first Imperial Death Star being destroyed, and the death of all Imperial staff onboard.
Real World - It is very, very risky to ignore the vulnerabilities in your network, as the more open your network is to outsiders, the larger you risk being infiltrated. Keeping your network and infrastructure up to date with the latest patches and security protections is a must to keep your organization from being put in precarious positions, or from being destroyed outright.
No matter what you think about your organization’s network security, you can learn a lot from the negligent manner the Empire went about securing their important assets. If you are looking for some help with your organization's security, whether it be physical or virtual, call Directive’s professional security technicians today at 607.433.2200. May the fourth be with you!