A secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.
In this blog we briefly look at protecting protocol-based attacks. In a future blog we will look at content-based (payload) attacks.
Over the last 3-5 years Data Diodes have grown in popularity as a solution for moving data between isolated networks. With this has come creative marketing to leverage the term ‘Diode’ for solutions that are anything but.
Let’s just take a few moments to revise some of the fundamental modes of secure information exchange.
In this blog series, I have been exploring applications for Data Diodes. This week, I look at the issue of printing between different networks.
For the third article in the Data Diode blog series, I explore Audit and Monitoring between Domains.
In this blog series, I have been exploring applications for Data Diodes. This week, I look at the issue of getting Windows Updates into a segregated network — securely.
In this blog series, I will explore applications for Data Diodes. In the first of the series, we’ll look at providing secure access to remote CCTV cameras, in unsecured location.
A recent article in the NY Times claims:
The vast majority of targeted computer attacks now start with a malicious e-mail sent to a company employee. Now evidence suggests that the same technique could be used to attack watersheds, power grids, oil refineries and nuclear plants.
This cannot be allowed to happen, here I explore the issue in a little more detail.
Nexor have just released a briefing paper Air-Gaps, Firewalls and Data Diodes in Industrial Control Systems looking the issues around segregating industrial control system networks. What works best: Air Gaps, Firewalls or Data Diodes?
The Data Diode technical model to achieve a one way network connection is relatively simple. However when you start to consider trust and assurance, it gets more complex.
Is it viable to build a Data Diode for $1612?