The Castle Defense Concept, A Manual to defend your businesses against BOTNETS

by May 1, 2019

Botnets and The Castle Defense Concept

This isn’t about the White Castle and the movie Harold and Kumar Go to White Castle. White Castle makes great burgers when you need them at 1 in the morning, but that’s not the castle.  Let’s talk real castles here. This is about the castle you would find in the movie Monty Python and the Holy Grail.  The Holy Grail, in the case, is not the cup from the last supper but the perfect defense against cyber-attacks.

Think of  castles in England, Scotland and Europe.  One of those seen against a rising sun backdrop in historical documentaries or movies about Kings and Queens going to war against an angry nobleman. That nobleman wants to take what is theirs earned by hard work or given by birthright.  Many times, the attack is from a faraway land or across an ocean or and English Channel from the Normandy coast of France.  Once on land, their only purpose is to capture the castle flag or the royal colors.

These castles and their occupants operate an effective defense in depth strategy.  Consider the attacker’s nobleman and his bought and paid for Army as a Black Hat attacker who has forcefully conscripted several soldiers in the form of IT BOT devices to assault a business or government target that is the Kingdom’s Castle. 

Putting aside that the Black Hat’s Army would have to cross land and a large body of water, when they finally reach the Castle, the assault force has several defense measures to overtake.


Mountains, Moats, And Massive Walls

Most Castles, if the builders exercised strategic foresight, were built on a hill or at a high elevation.  If not, they built it with a large body of water on one or all sides.  This could be the first firewall. If they didn’t have a water or high land protecting it, then all of them had an outer curtain wall.  A wall if a heavy, high, locked protected gate.  The walls were difficult to climb and were usually defended by a force shooting arrows or dumping hot tar or something that made life miserable for the attacking force. 

This could be likened to an edge firewall, Intrusion Prevention System, or Access Control List. An attack force may think they are doing well by crossing the water and assaulting up the hill but then they face the third level of defense, the high wall configured with soldiers using weapons.


Turrets, Towers, and The Lookouts

Say the black hat attackers and the BOTNET fight their way inside the castle walls, then then they must get past the turret, towers and lookout points from high above.   In addition to providing intrusion detection, the towers act as a high ground defense force with the advantage of knowing where the attackers are heading.  Real-time Intrusion Prevention, switch and server logs are perfect for this.  Logs and reports like these list port access points, signatures and repeated pinging of ports being mapped by attackers using a tool set like the Kali Suite.   


Gatehouses, Drawbridges, And Barbicans (The Long Tunnels)

All Castles need a gatehouse, drawbridge, and a barbican tunnel to control entry and exit.  A tunnel which is a term that describes a Virtual Private Network (VPN), an encapsulated tunnel.   These defense measures are similar to having port security and a white list for website access so users can’t access malicious websites and download malware.  White lists are websites that only are allowed in rather than a blacklist where it notes all of the sites users can’t click with their workstation browser.  These site usually have reputation for bad coding or malicious activity.  Blacks Lists are historically tougher to control and manage because the list is longer. 


Layouts, Shields, And Guards

The attackers, if they have gotten this far, must contend with the castle layout itself and the King or Queen’s personal guards. They must find the royals before they can take him or her away and put them in the tower for ransom or ransomware bitcoin.  This is the castles endpoint security and antivirus protection software.  One of the last lines of defense before an attacker gets through to a user or workstation.


Advisors, Awareness, And Viruses   

The last line of defense for castles and the kings and queens were the regents and close advisors.  These people closest to the power elite and if they were disloyal it could be unfortunate for them and for the royal.  The whole empire could be toppled.  However, the close advisor could evaluate and consult to the king or queen to thwart an attack before it happened.  In other words, planning, education and action.

In the IT world, managers and employees are the last line of defense and have a responsibility to not open emails from unknown senders and open attachments that could send a worm or other antivirus malware through the network.  Education and life cycle management and application updates are key to preventing attacks.

Business and government organizations can’t afford to have black hat attackers capturing their castle flag. Capturing the flag can equate to your data that contains Personal Identifiable Information, Personal Health Information or business practice intelligence and know-how.


Robot Networks, Zombies, And The High Wall

Cloud security engages a defense in depth approach that is somewhat like a medieval castle defense defending the realm. One of the attacks that cloud security prevents is the malicious BOTNET attack.  BOTNET is a combination of two words ROBOT and NETWORK.  It’s several IoT and mobile devices like laptops, tablets and phones linked together through a master black hat attacker manipulating hundreds or thousands of devices through command and control software.

A BOTNET adds computers and other devices that can also include home security software, ROKU devices, and other (Internet of Things) IoT hardware through installing a trojan horse or malicious software on your computer.  Many homes and offices have hardware that are connected to a network.  Things like SMART TVs, security cameras, laptops, tablets and even thermostats and refrigerators.  Once they have your device lined up for their attack force, they use the BOTNET army to disable network services by flooding it with too many requests for the network to handle.

According to the Norton security website, “A botnet is nothing more than a string of connected computers coordinated together to perform a task.”  Like anything else associated with the IT world, BOTNETS can be used for positive tasks or for unethical malicious tasks. BOTNETS, also known as a Zombie Army, can be used for ethical purposes like chatrooms, but they are more often being used for bad behavior.

Unethical tasks include running a distributed denial of service (DDOS) attack or worse a permanent denial of service attack (PDOS) on a network that floods a network.  These attacks flood a network with requests from many controlled devices using all of its resources and bandwidth, thereby shutting down the internet side of a business or government organization.  In some case, many requests can overload a security system and have a request sneak through and change a router, switch, or server firmware configuration.  This can bring a whole system down and create a PDOS.

Attackers, however, make more profit because every business including illegal ones have a bottom line. In addition to using ransomware themselves, black hats and bad actors in the IT community create BOTNETS and sell them to the highest bidders for nefarious activities. These buyers use them to perform a DDOS and ask for ransom in the form of BITCOIN currency to undo their damage.


The Norton Website Also States That…

Common tasks executed by botnets include:
  • Using your machine’s power to assist in distributed denial-of-service (DDoS) attacks to shut down websites.
  • Emailing spam out to millions of Internet users.
  • Generating fake Internet traffic on a third-party website for financial gain.
  • Replacing banner ads in your web browser specifically targeted at you.
  • Pop-ups ads designed to get you to pay for the removal of the botnet through a phony anti-spyware package.


In closing, botnets are powerful resources for hackers that can hijack your computer and do what botnets do best– carry out mundane tasks faster and better than most malicious attacks. Below, we have compiled a list of recent BOTNET attacks that have taken place recently.


How can you prevent these attacks?

There are a lot of counter measures you can take. One way is through the cloud. And how does the clouds network security prevent botnets attacks? Yeah, we made a list for that too! Check it out below and feel free to contact us with any questions you may have about securing your business in the cloud.


How Cloud Network Security Prevents Botnets Attacks

  1. Cloud Networks control access through credential management, Access Control List, Permission Management
  2. Continuous Network Monitoring for malicious activity. Log review and Intrusion Prevention Systems.
  3. Application and Operating System patch management.
  4. Port Security Management for Routers and Switches.
  5. Firmware testing and upgrade management.
  6. Database Security and Encryption
  7. Data security and backup management.
  8. Two factor authentication management.
  9. Hardware and software life cycle management.
  10. User turnover management.
  11. Mobile device security strategies.


Recent Botnet Attacks

  1. Justice Department Announces Actions to Dismantle Kelihos Botnet
  2. Fear the Reaper? Experts reassess the botnet’s size and firepower
  3. Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
  4. Securing Your Routers Against Mirai and Other Home Network Attacks
  5. Which countermeasures improve security and which are a waste of money?

Welcome to Ctrl Cloud Blog

Our focus is on helping organizations transform their technology and budgets by providing access to customized, top tier solutions in the cloud.

Learn More

Rick Bretz

Rick Bretz

Chief content and technical writer

Rick Bretz  possesses comprehensive experience in several subjects including video editing and production, radio/TV and journalism writing, videography, radio broadcasting, IT Management, Information Security and Assurance.  He also works as a Senior Cyber Security Engineer for Vulnerability Management, Service/Infrastructure Operations and Platforms Support for the government. Mr. Bretz also is a documentation and technical writer for the Veteran Administration’s Continuous Readiness in Information Security Program.  He also served in the US Army beginning in 1979, graduating from leadership schools and from Journalism, Broadcasting, Newspaper Editing and Public Affairs Supervisor courses.  He retired from the Army with many writing and broadcasting awards to accept video production and management positions.  He holds a BS degree in Information Technology with a Specialization in Security Assurance from Capella University and has a Security + Certification from CompTIA.  Mr. Bretz also writes his own blog on topics that interest him that can be reached at