My latest project is to set up a secure Minecraft server for my kids and their friends to play on. As I mentioned in my previous post, the usual recommendation to set up port forwarding on your router is a pretty bad idea. Normally, what is recommended is to set up a DMZ. I’ll do this in a bit (I had to order some stuff), but I’d like to talk about DMZs a bit, and how they are a terrible and misleading concept.
DMZs in History
I often look to history to understand IT ideas, and the DMZ is deeply rooted in history. Unfortunately, only one interpretation of a DMZ is a good one, and it’s for all bad reasons.
The Korean DMZ
The Korean DMZ is what springs to mind when people talk about a Demilitarized Zone. It’s a strip of land between two warring countries that both have agreed to keep clear, out of mutual distrust. On each side lies a line of towers and fortresses, and it is heavily guarded and mined. Both sides of the conflict agree to stay out, and it is built on a formal armistice that both sides agreed to.
Why is this a misnomer? First, hackers have NOT agreed with you to have an area that neither of you go where your servers are safe. If a DMZ is about intent, then you are the only person who intends your DMZ to be safe. If a DMZ is about removing threats, it’s a false sense of security, since hackers and the rest of the internet are sure not keeping out.
The Vietnamese DMZ
Spoiler alert: this one didn’t work out too well. It is, however, a better example of how a DMZ works when your opponent is more committed to victory than to following rules. The North Vietnamese used the DMZ however they needed to achieve victory, making it somewhat one-sided. Sadly, their use of the DMZ didn’t involve keeping it demilitarized.
What’s Wrong With a DMZ?
What’s wrong with a DMZ is that no one has agreed with you that they will respect a DMZ, and thus it’s not a DMZ. Further, calling it a DMZ is highly misleading. It puts a civilized veneer on what is essentially an open combat zone. Unfortunately, words have meaning.
The phrase ‘DMZ’ indicates control and agreement, which can easily lull you into a false sense of security. There is no such thing in the internet. When you tell a decision maker, or a person who is not fully understanding of the threats around you, that your server is ‘in the DMZ’, you are communicating a sense of safety. A very false sense of safety.
A Better Example
Before you start to change what you think a DMZ ought to be, it’s important to change your mental image of what it is now.
It is a blighted nightmare-scape where you have hopefully cleared all the obstacles between you and your foe and you are entrenched in a defensive standoff with them. Interestingly from the standpoint of the evolution of warfare, you have no offensive strategy (what, are you going to invade the internet?). Therefore you only need to be blocking, detecting, and protecting.
Your enemy will be trying to dig tunnels and mines, shell you from above, attack by stealth during the night, and any other tactics that they can use to breach your lines.
Moving Back To Go Forward
Before trench warfare, and before the highly mobile warfare of today, we had siege warfare, which is much more akin to network warfare. You are defending an immobile asset while a mobile enemy is attacking you from all sides. As I mentioned above, you are not trying to capture territory; you are trying to safeguard a keep.
What we need are Fortresses
As fortresses were built of stone, mortal, and moats, your fortress has only three building blocks: Wires, Math (the hard kind), and Process. IN my next post I’ll talk about what kind of fortress you need, and how that equates to network topology.
What I’m listening to as I do this: Rage Against the Machine’s Rage Against the Machine. Another good album for when you’re discussing cybersecurity.