Mike Spencer is a senior consultant in Optiv’s architecture and implementation solutions practice on the security information and event management (SIEM) team. Mike’s role is to provide post-sales support and consulting to Optiv clients with expertise in SIEM security solutions as well as providing support and mentoring to other Optiv team members.
Security Lessons Learned From the Zombie Apocalypse
Disclaimer: Some of this is true and some is fiction; I'll leave it up to the reader to determine which is which.
I'll admit it, I love anything to do with zombies: films, books, you name it. Be honest, have you ever thought about what you'll do when the zombie apocalypse happens? Of course you have. I know I've personally spent hours contemplating the best strategy to increase my chance of survival. Luckily, my knowledge and experience as a security professional have helped me think through the best course of action.
As much as I'd like to be prepared when the zombies arrive, I can't seem to bring myself to fortify our house. Window bars would be great for keeping rotting zombies from infiltrating the living room, but let's face it, they just don't go with the decor. A stout fence would likewise be useful, but I don't want my house to look like a prison.
Given that I'm left with using the house pretty much as-is, let's explore how zombies might think (ok, we all know zombies don't think, but you know what I mean). Some zombies could remember what doors are and try to push their way through, thereby straining the hinges and my deadbolt. What if zombies could see me through my window and break through it to enter the house? Fortunately, the windows in most of my rooms are higher than normal, so I'm not too worried about zombies breaking in that way.
I do have two rooms that are pretty tough to secure. My living room has a pretty pathetic door and windows that are only waist-high. Clearly, if enough zombies pile against the door or press against those windows, we're in trouble. The mud room also has a weak door, which I'll replace one of these years, but what if tomorrow is the day the zombies start arriving for dinner?
Fortunately, each of these rooms is easily sealed off from the main house by a stout door. In the military we call this defense-in-depth. I also have two safe rooms which likewise have stout doors and a means of escape, should zombies make it into the interior of the house.
It would be better if we could see them coming and deter or distract them (i.e. active recon). After all, I'd rather send the zombies on a wild goose chase than have to fight them inside my own home. If we banded together with our neighbors and extended our perimeter out away from the walls of our homes, we could better protect our neighborhood and families. Each person could cover a certain area, and we could back each other up by ensuring that the areas overlap.
Where is all this leading? Well, there are a number of similarities between the zombie scenario and cyber security. The zombies are clearly equivalent to threat actors who try to infiltrate our network and cause harm (although hackers are much smarter and more imaginative than zombies!). The house represents our company perimeter, with the doors representing firewalls and the windows illustrating alternate means of entry, such as covert channels, backdoors or even poor security procedures.
The idea of conducting active reconnaissance was recently discussed in an article I wrote for SC Magazine on Colonial Ranger units. If you didn't read it, the bottom line is that we need visibility at least at the very edge of our perimeters, and preferably a lot further out, so we can be more proactive. The same theme holds true for this zombie example.
So, while thinking about the inevitable zombie apocalypse is certainly more entertaining than discussing the specifics of firewall configuration, many of the same principles apply. And you thought network security was boring!