How to keep a darknet in your own data center.
Well, it’s RSA week, and the security blogosphere has been pretty quiet except for the “having-a-great-time-meeting-cool-people-wish-you-were-here-posted-from-my-iPhone” entries, so I thought I’d do my part to fill the void.
How to keep a darknet in your own data center:
1. Order and receive the equipment before your outsourcer arrives. Get it cabled in.
2. Have the outsourcer put asset tags on everything in the server room that doesn’t move. Make sure this is done by someone whose sole job is asset tagging, and the resulting report goes to some central manager who knows nothing about your systems.
3. On the one day of the year that the outsourcer runs the network discovery scan, turn the machines off.
4. Make sure that the outsourcer never gets around to reconciling the network scan with the asset tag inventory, or if they do, make sure it’s done by someone in the central office who doesn’t know your systems and who will assume that the asset tagger just made a mistake.
5. Have your head of networking be sympathetic to your cause and keep his mouth shut.
6. Have system administrators from the outsourcer who are so slammed with work that if it doesn’t have a ticket assigned to it and ain’t on fire, they aren’t going to notice its existence.
7. Own and run the IDS/firewall/logging yourself.
8. Configure the servers using only freeware so that additional procurements don’t show up on the books.
9. Party on.
Notice I haven’t put any names in here so that they didn’t have to be changed ...
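The reconciliation that step 4 counts on never happening is cheap to do, and the "power it off on scan day" trick in step 3 only works against a single annual scan. The script below is an added example, not code from the original post: it matches an asset-tag inventory against a discovery scan by MAC address, then compares that scan with the other days' scans so a box that is on the wire every day except inventory day stands out. The record fields (tag, rack, mac, ip, hostname, seen_on), the dates and the MAC addresses are all constructed sample data, and the 90% presence threshold is an assumed tuning value.

```python
"""Reconcile an asset-tag inventory with network discovery scans.

Added example (not from the original post). All records are constructed
sample data; the field names are assumptions about what an asset-tag
export and a discovery-scan export might contain.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    tag: str    # sticker the asset tagger applied
    rack: str   # physical location recorded with the tag
    mac: str    # primary NIC address copied from the chassis label


@dataclass(frozen=True)
class Host:
    ip: str
    mac: str
    hostname: str
    seen_on: str  # ISO date of the discovery scan that observed it


def normalise_mac(mac):
    """Tag sheets and scanners disagree on separators and case."""
    return mac.lower().replace("-", ":")


def reconcile(assets, scan):
    """Compare one discovery scan against the asset-tag inventory.

    Returns MACs that match, MACs on the network with no tag (the
    interesting set), and tagged MACs not seen (powered off, or a
    tagging error, which is exactly the ambiguity step 4 relies on).
    """
    tagged = {normalise_mac(a.mac): a for a in assets}
    seen = {normalise_mac(h.mac): h for h in scan}
    return {
        "matched": sorted(m for m in tagged if m in seen),
        "on_network_untagged": sorted(m for m in seen if m not in tagged),
        "tagged_not_seen": sorted(m for m in tagged if m not in seen),
    }


def absent_only_on_scan_day(scans_by_day, scan_day, min_presence=0.9):
    """Flag MACs present on nearly every other day but missing on scan day.

    A single annual scan is easy to dodge by powering off; a host that is
    up on at least min_presence of the other days and down only on the
    inventory day is worth a visit to the rack.
    """
    other_days = [d for d in scans_by_day if d != scan_day]
    if not other_days:
        return []
    presence = defaultdict(int)
    for day in other_days:
        for h in scans_by_day[day]:
            presence[normalise_mac(h.mac)] += 1
    seen_on_scan_day = {normalise_mac(h.mac) for h in scans_by_day[scan_day]}
    return sorted(
        mac for mac, count in presence.items()
        if count / len(other_days) >= min_presence and mac not in seen_on_scan_day
    )


def sample_data():
    """Constructed inventory and five days of scans; 2024-03-06 is scan day."""
    assets = [
        Asset("A-0001", "R1/U10", "00:11:22:33:44:01"),
        Asset("A-0002", "R1/U12", "00:11:22:33:44:02"),
        Asset("A-0003", "R2/U04", "00:11:22:33:44:03"),  # genuinely powered off
    ]
    days = ["2024-03-04", "2024-03-05", "2024-03-06", "2024-03-07", "2024-03-08"]
    scan_day = "2024-03-06"
    scans = {}
    for d in days:
        hosts = [
            Host("10.0.0.11", "00:11:22:33:44:01", "web1", d),
            Host("10.0.0.12", "00:11:22:33:44:02", "db1", d),
        ]
        if d != scan_day:  # the untagged box is off only on inventory day
            hosts.append(Host("10.0.0.99", "00-11-22-33-44-99", "wsus2", d))
        scans[d] = hosts
    return assets, scans, scan_day


if __name__ == "__main__":
    assets, scans, scan_day = sample_data()
    print("scan-day reconciliation:", reconcile(assets, scans[scan_day]))
    print("down only on scan day:", absent_only_on_scan_day(scans, scan_day))
```

On the constructed data the scan-day reconciliation alone reports nothing untagged (the hidden box was off), and only the tagged-but-unseen machine in R2/U04 shows up, which is the "asset tagger made a mistake" reading step 4 hopes for. Running the presence comparison across the week flags the untagged MAC instead, because it was up on every day except the one that mattered.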


“That? Oh, that’s just another WSUS server which keeps us patched. Moving along...” When it’s really hosting Halo servers, a few Ventrilo sessions, and an IRC server.
What, did you get caught?