<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:creativeCommons="http://backend.userland.com/creativeCommonsRssModule">

<channel>
	<title>Security Ripcord &#187; Bunny Ranch</title>
	<atom:link href="http://www.cutawaysecurity.com/blog/archives/category/bunny-ranch/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cutawaysecurity.com/blog</link>
	<description>Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades</description>
	<lastBuildDate>Tue, 01 Jun 2010 15:17:09 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<creativeCommons:license>http://creativecommons.org/licenses/by-nc-sa/3.0/</creativeCommons:license>		<item>
		<title>IT Security &#8211; Moonlite Bunny Ranch Style</title>
		<link>http://www.cutawaysecurity.com/blog/archives/27</link>
		<comments>http://www.cutawaysecurity.com/blog/archives/27#comments</comments>
		<pubDate>Sat, 29 Apr 2006 06:10:19 +0000</pubDate>
		<dc:creator>cutaway</dc:creator>
				<category><![CDATA[Bunny Ranch]]></category>
		<category><![CDATA[PDC]]></category>
		<category><![CDATA[Penetration Testing]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.cutawaysecurity.com/blog/archives/27</guid>
		<description><![CDATA[The Moonlite Bunny Ranch, providing the oldest service in the world, has some security practices that we could all learn from if we look close enough.]]></description>
			<content:encoded><![CDATA[<p class="MsoNormal">I know that I am going to get a lot of flak about this, but I just couldn&#8217;t help myself.</p>
<p class="MsoNormal">
<p class="MsoNormal">The other night I was reviewing an assessment report when I looked up at the TV and I realized that it was on HBO and the series <a title="HBO: Cathouse" href="http://www.hbo.com/docs/programs/cathouse2/index.html">Cathouse</a> was showing. This show is about &#8220;the Moonlite Bunny Ranch, a legal brothel located in a sparsely populated desert community outside of Reno&#8221; so, of course, I was transfixed for the rest of the show. Well, right at the end of the episode, one of the women was leaving the house when the owner asked somebody to buzz her out. The camera was pointing out the front door and the woman walked through an iron gate which automatically closed behind her. I was just about to turn the TV off and get back to my report when I started realizing something about the show. This show is a great lesson in practical security through proper implementation. Let me walk you through the steps that a client has to go through to have access to the services provided at the Bunny Ranch.</p>
<p class="MsoNormal">
<ol type="1" style="margin-top: 0in" start="1">
<li class="MsoNormal">The client is let in through the front door, which is usually locked but, during acceptable access time periods, is unlocked so that traffic is allowed to enter through the single, monitored entryway. I consider this the externally facing router.</li>
<li class="MsoNormal">Next, the client enters a waiting room where he starts talking to the women who are waiting there to provide a service. I consider this waiting room the firewall. The clients are briefly inspected to determine if they are acceptable. You could also make the argument that this area acts as an intrusion detection or prevention system.</li>
<li class="MsoNormal">Once it is determined that the client is acceptable, he or she is led back to the bedroom where a price is negotiated and payment is authorized. Here we are obviously talking about the service and how it is using proper authentication and authorization techniques to determine whether the client is permitted to use the service and how much privilege he or she will be given to perform the desired task.</li>
<li class="MsoNormal">While the client and the woman are interacting, they are using safe sex techniques. This represents input validation. (New)</li>
<li class="MsoNormal">Once services have been rendered, the woman who provided the service leads the client back to the waiting room and says goodbye. This resembles the proper termination of activity provided by the service.</li>
<li class="MsoNormal">As I saw during the final moments of the show, all outgoing traffic has to be given permission before it is allowed to leave the building. Obviously, egress filtering is just as important at the Cathouse as it is within a network.</li>
<li class="MsoNormal">During the whole process, the manager on duty is moving around, talking to all the employees, and keeping tabs on what is actually happening within the whole environment. This activity reminds me of log monitoring and a professional who is ready to take action at the first sign of trouble.</li>
</ol>
<p class="MsoNormal">
<p class="MsoNormal">So, I feel that we could learn a lot from this very professional business.  I am sure that the Bunny Ranch has come up with this process to protect itself and its clients.  Need is the mother of all invention.  So, if the oldest profession in the world is following this process out of necessity then we should all take heed.</p>
<p class="MsoNormal">
<p class="MsoNormal">This article is in honor of &#8220;<a title="Watch At Your Own Risk" href="http://hydrogen.oshean.org/psw-24.mp4">Hack Naked</a>&#8221; from Pauldotcom.  Guys, this place obviously needs a penetration test (too obvious, no matter&#8230;it had to be said!).</p>
<p class="MsoNormal">Cutaway</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cutawaysecurity.com/blog/archives/27/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
<enclosure url="http://hydrogen.oshean.org/psw-24.mp4" length="9551129" type="video/mp4" />
		</item>
	</channel>
</rss>
