• Member Since 15th Feb, 2012
  • offline last seen Yesterday

totallynotabrony


More Blog Posts56

Apr
27th
2019

Physical Security of Canterlot Castle · 2:11am Apr 27th, 2019

If you haven't seen the episode that premiered April 20, Sparkle's Seven, I highly recommend it. It's the 200th episode and they did a special job. I'll wait. Alternately, you can watch the abridged version.

If you have seen it, or don't mind spoilers, read on.



So let's review Shining Armor's new security plan.

  • The castle is now surrounded by shards of Queen Chrysalis’ throne. Its anti-magic powers stop anycreature from using a spell to get inside.
  • Giant fans keep anycreature from flying too close to the castle.
  • The entrances to the tunnels below the castle have been sealed
  • Doubled the ranks of security. Guards protect every hallway and door.
  • Doors can now only be opened with royal guard badges
  • A pit trap in front of the thrones.
  • Honking, biting geese protecting the throne room.

These are all substantial improvements to castle security. Now that Sparkle & Co got a chance to pentest it, let's take a look at what worked and what didn't.

  • 👍Anti-teleport magic
    Twilight, the Element of Magic, never even tried it. Maybe Starswirl or Starlight could have done something, but so far this spell hasn't been breached. But: can you teleport out? It could be a safety issue during an emergency.
  • 👋Giant fans
    The fans ended up being powerful enough to crash the balloon. It took a Wonderbolt to spot a vulnerability, but there was still a vulnerability. Unsightly, too.
  • 👎Tunnel entrances sealed
    It looks like there used to be public doors there, as if ponies would go into the tunnels all the time. Not only does that likely make them mapped, but it's pretty clear the sealing didn't work. A medium-power unicorn like Rarity had zero trouble getting through the bricks.
  • 👋Doubled the ranks of security
    The extra personnel appeared effective, as nopony tried to directly sneak past them, but training is still horribly lacking. Applejack's concert and Pinkie's party easily distracted the entire guard unit, despite Shining Armor specifically preparing for it, and even recognizing Applejack.
  • 👋Doors can now only be opened with royal guard badges
    The system worked, but was vulnerable to the badges being stolen, which is exactly what happened, likely made worse by poorly trained guards.
  • 👍A pit trap in front of the thrones
    Worked as intended, despite Fluttershy and Spike knowing it was there. Only covered the area directly in front of the throne, though, and vulnerable to fliers.
  • 👎Honking, biting geese protecting the throne room.
    Many false alarms rendered them worthless. Granted, perhaps Luna's collusion in the plot was part of this. Live animals also come with problems of upkeep.

This extra security was installed as a response to Sombra attacking, but I really can't see any of it stopping him. Honestly, the pit trap would probably have been the most effective thing, and not even that with his crystal magic.

What would have worked better?

  • Fix the hole in the fan coverage. Now that Rainbow knows where it is, she can tell someone. A different system, not involving whirling blades, would probably be safer and look better.
  • Reinforce tunnel entrances. Maybe even have guards patrol the tunnels.
  • Please, for the love of God, train the Royal Guards to be professionals.
  • A biometric door locking system that couldn't be duplicated or stolen would have been better than the badges. Hopefully not vulnerable to changelings.
  • Increase size/number of pit traps. Install some kind of anti-flier system in the throne room.
  • Find better guard animals, or simply station Royal Guards in the throne room.

Of course, this is only if you're trying to protect the empty throne room. Nobody seems to have given any thought to protecting, oh say, the Princesses' bedrooms, the royal vault, or dungeons filled with prisoners and dangerous artifacts...

While potential enemies trying to break into the castle are probably going to be powerful, how much of Sparkle's Seven was due to the girls' special talents, things only they could have done? Pinkie cannot into space, but if she could, that could have provided effective surveillance. The plan came together so quickly, however, that it likely didn't matter. Everything happened underground or inside the building, anyway.

Maybe the Pinkie party could have only been done by her, but Applejack's middling concert seemed to work just about as well, so any sufficient spectacle by anypony probably could have distracted the guards.

Fluttershy quieted the geese, but if they're known to cause false alarms that may not have mattered. Even so, there was still little point in protecting an empty throne room. In the case of the crown, anypony could have flown in, grabbed it, and quickly flown back out alarms or not.

What about breaking into the tunnels through rock walls? Maud is likely one of the few ponies capable of finding weak places in rocks, and Applejack is probably one of few ponies able to hit them just right. Probably not a big security vulnerability.

I'll give it to Shining Armor, the castle security is now way better than it was, but it was the next thing to nonexistant and it still isn't effective considering the proven threats Equestria faces.

Report totallynotabrony · 662 views ·
Comments ( 11 )

Also realistically none of it matters if the attacker is just bruteforcing their way in like a Dragon, Hydra or Ursa Major. Also a powerful magic user could just decided to drop a meteor on the castle so anti-magic isn't that effective not to mention most creatures don't use active magic.

I saw unicorns using spells to attempt to shoot pegasi out of the sky during the premiere. Maybe put some unicorns in the towers of the castle for air defense. Kind of like anti-aircraft gun’s.

I agree with everything you said here.

5049903
Announcing the security features. Disregarding the ideas and opinions of another with similar authority to Shining Armour. Plain Clothes guards?

Guards
Personnel is the most important thing in security. Mechanisms and gimmicks only work when the people work. Many a heist movie has had security breached by somebody dressed as a guard, or hired as a janitor, or some other way of seeming legit. In this episode, Rarity was successful at slipping in dressed as a guard, in large part because they'd increased the ranks of the guard so much.

More guards are only worthwhile if those guards:
a. Are properly trained
b. Know each other, or have a system that prevents impersonation.

So my advice would be to split the guards into two cadres. A larger group that can be seen patrolling public areas, and an smaller group that's assigned to the secure areas (which, as you say, should include more than just the throne room). Concentrate on training the inner guards properly, and make sure they all know each other.

Authentication
The badges are a good idea, but too easily stolen on their own. They need to be combined with something else.

There are three possible "factors" in proving your identity:

  • Something you know (password, PIN, secret handshake)
  • Something you have (security badge, timed token)
  • Something you are (biometrics, face recognition software, unique magical signature)

A system that takes five different passwords to get in is still only one-factor because a single person can leak all those passwords; two-factor security uses a combination of things, such as a card and associated PIN. Biometrics are popular in movies because they look high tech, but are easily defeated on their own; again, they need to be combined with other factors. Perhaps the biggest weakness in fancy biometrics is that they lead people to trust the system; fool the computer and you've fooled the people as well.

Entry to the secure areas of the castle should require more than just a badge; it should be a combination of factors, such as a badge in combination with a secret code.

Discipline
Anything that causes lots of false alarms is really bad for security, because it encourages people not to take security seriously. It devalues not just itself, but other security measures as well. Get rid of the geese!

Similarly, anything that leads people to trust the system too much is dangerous. The big fans may prevent anypony attacking from the air; but since everybody knows that, they're now unprepared for an attack from the air. And the fans affect your own pegasus guards as much as the enemy's, hindering your response and potentially causing confusion at the worst moment.

The right level of security has everybody remain vigilant while still able to do their jobs. Security that gets in the way inevitably leads to people finding ways around it, whether that's a post-it note under the keyboard or a shared password. False security is rife across government and business, and it's harmful to real security.

Finally, human weakness isn't going away, however good your training. Instead of a system that demands guards be perfect, you need a system that remains secure even when they're not. So if a bunch of guards get distracted by a concert, that shouldn't open up any holes in your perimeter.

In conclusion
I'm actually really impressed with this episode. It covers realistic security measures, the ways they're used together and the weaknesses in them. And it shows what "white hat" hacking and penetration testing do. It's actually really good for teaching kids things they're probably going to need to know about in a few years, whether they end up as politicians, programmers or security guards.

5049999
Shining needed to bring in the one stallion capable and disciplined enough to keep all those crafty mares at bay.

derpicdn.net/img/view/2014/10/8/738395.jpg

SunShim should print off the Evil Overlord list and hoof-carry it through the portal to Shiny.

Also, did this episode remind anybody else of the old "Red Cell" books my Richard Marchinko?

5049999
Completely agreed on personnel being the most important thing in security. I've seen tons of videos on how to defeat unattended fences. People are so creative when it comes to destroying things. The only way to deter determined attackers is armed guards.

For an episode written by the voice actors, I'll say again that it's kind of strange that it ended up being about pentesting. Then again, there might be something there. Voice actors are legitimate actors while simultaneously not having front-page faces. I could maybe see them actually being decent at doing this, or at least over-the-phone social engineering.

5050021
While I haven't read Marchinko's books, I know who he is. Penetration testing is a real tactic utilized to test security, and he might be one of the more well-known practitioners.

So it turns out that those geese may have been a reference to the Battle of Allia. I never questioned how effective they would be, since this show has always been up in the air with how smart the 'animals' are suppose to be.

Login or register to comment