Blue Team vs. The Rabbits: The DMZ
The rabbits are outside in a hutch. How does the blue team properly secure them?
A basic security stance for any organization divides the network into three zones: internal, external, and a demilitarized zone, or DMZ. A configuration can get far more complicated than this with zone-based firewalls, of course. But the rabbits like to keep it simple.
On the inside you have your house rabbits and private corporate servers. No one on the outside, and without authorization, should have access to these. External is where the bad guys and dire wolves live. But sometimes you have to allow public access to certain systems and this is where a DMZ comes in. Less secure than internal, but it shouldn’t be the wild west either.
Blue team has to protect the rabbits in the DMZ, out in the backyard hutch. Being smart folks, the first thing they ask is:
Why are the rabbits in the DMZ at all?
When securing a system you need to know what you’re defending, why you’re defending it, and the cost. You have to assign risk.
Is this a cherished pet mini-lop that only authorized users have access to? Then perhaps you have to bring her inside to be with the house rabbits. There is no reason for this system to be outside of your private network.
Is this a prize-winning bonded pair of Flemish Giants that many people want to visit and scritch? They could be DMZ candidates unless the process only allows vetted external users. Ask yourself: can and should the public have access to these rabbits at any time?
Are you a large public shelter that receives continuous visitors? DMZ material, but controls still need to be in place.
TODAY’S SCENARIO: Prize-Winning Flemish Giants, Heroic Measures
They’re huge, gray, inquisitive, friendly, and the talk of the town. Everyone and their aunt wants to come see them, and some folks will even visit in the middle of the night. What does blue team do?
Possible attackers are animal predators and humans with dark intentions. Plus there is the weather. Because of the nature of the system, backups are not possible. These rabbits are unique and irreplaceable. Another pair of Flemmies might be of a more surly disposition and not the same pleasing hue. The team has their work cut out for them.
A large external fence or wall with a single entrance (or open port) is the first defense. Place lighting and motion detectors around it. The entrance should only be accessible by humans. That should provide a good enough deterrent against animal predators. The hutch itself should defend against airborne threats. You might consider a second outer wall as well. Build the entrance perpendicular to the inner wall, to provide a choke point. Place a registration desk here.
Build a sturdy hutch with protection against rain, wind, and temperature. The team should prepare to pay whatever it takes to keep the rabbits warm, dry, and comfortable. If there is no buy-in from the top for this protection, then the team is doomed to fail. Remember, recovery is not an option.
Cameras at the entrance to the yard and the hutch itself are absolute requirements. You should have a 24/7 operator at the console (or at least nearby and ready to respond immediately). Store video for at least 30 days, but 90 or more is better. You could cut costs by activating the cameras only at motion detection events. This means accepting the increased risk of false positives and negatives. Storage is cheap; these rabbits are priceless.
The strongest protection is a close-at-hand operator ready at all times. They need to prepare for animal invasion, theft, weather events, fire, and floods. Perhaps even escape attempts. Compensate the operators well to reduce the risk of inside threats.
During business hours it is ideal for a human operator to be present for visitors. Log all guests and escort them to the rabbits.
Servers and rabbits both need regular maintenance. Remember to schedule regular veterinary appointments with a skilled exotics practitioner. Or apply required patches during scheduled service windows.
Instead of rabbits, this could be your company webserver and reputation on the line. Calculate the risk, apply the correct controls, and enforce these controls. Anything facing the public requires an extra suspicious eye.
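To make the three-zone stance concrete, here is an added example (not part of the original post) that audits a first-match firewall policy against the rules described above: a single logged entrance from external into the DMZ, and no path into the internal zone from outside it. The `Rule` model, the zone names, and both sample policies are constructed for illustration and do not correspond to any particular firewall product.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src: str               # a zone name ("external", "dmz", "internal") or "any"
    dst: str               # a zone name or "any"
    port: Optional[int]    # None matches every port
    action: str            # "allow" or "deny"
    log: bool = False

def decide(rules, src, dst, port):
    """First matching rule wins; unmatched traffic hits an implicit deny."""
    for r in rules:
        if r.src in (src, "any") and r.dst in (dst, "any") and r.port in (port, None):
            return r
    return Rule(src, dst, port, "deny")

def audit(rules, ports=range(1, 65536)):
    """Return findings where the policy departs from the stance in the article."""
    findings = []
    entrances = [p for p in ports if decide(rules, "external", "dmz", p).action == "allow"]
    if len(entrances) != 1:
        findings.append(f"external->dmz: expected one entrance, found {len(entrances)} open ports")
    if any(not decide(rules, "external", "dmz", p).log for p in entrances):
        findings.append("external->dmz: visitors are allowed in without being logged")
    # Assumption of this example: a DMZ host counts as "outside" for internal systems.
    for src in ("external", "dmz"):
        if any(decide(rules, src, "internal", p).action == "allow" for p in ports):
            findings.append(f"{src}->internal: private zone is reachable")
    return findings

# Constructed sample policies, not taken from any real firewall.
WEAK = [
    Rule("external", "dmz", None, "allow"),        # every port is an entrance
    Rule("dmz", "internal", 5432, "allow"),        # hutch can reach the house
]
HARDENED = [
    Rule("external", "dmz", 443, "allow", log=True),   # the single entrance
    Rule("internal", "dmz", 22, "allow", log=True),    # maintenance from inside
    Rule("any", "any", None, "deny", log=True),        # explicit default deny
]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(policy) or "no findings")
```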