Tag Archives: Data Diode

Q: When is a Diode not a Diode?

1 Apr

A: When it’s a Transistor or a Zener diode.


More on Air Gaps

17 Mar

While Air-Gaps are a good conceptual solution, in practice beyond Schneier’s single PC example, they are very hard to achieve. There is nearly always a backdoor to be found somewhere that an attacker can exploit.

Non-Routable Protocols and Networks

10 Mar

Network segregation is a common security technique to prevent security issues in one network affecting another. When looking at how information can be moved or shared between such networks, the concepts of routable protocols and their opposite, non-routable protocols, are often used. We also see the terms routable and non-routable networks. They are not the same thing; let’s explain…

Guards are not Air Gaps

9 Dec

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.”  (Wikipedia)

Note the emphasis on the word physically.

A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on Cyber Matters.   In reality you can argue it both ways.


Validating the Payload

10 Nov

In the blog Secure Delivery of a Payload we discussed how secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.

Secure Delivery of a Payload via a Protocol Break

21 Oct

A secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.

In this blog we briefly look at protecting against protocol-based attacks. In a future blog we will look at content-based (payload) attacks.


Diodes are Diodes, Guards are Guards

15 Sep

Over the last 3-5 years Data Diodes have grown in popularity as a solution for moving data between isolated networks. With this has come creative marketing to leverage the term ‘Diode’ for solutions that are anything but.

Let’s just take a few moments to revise some of the fundamental modes of secure information exchange.


Diode Applications: Secure Printing

12 Nov

In this blog series, I have been exploring applications for Data Diodes.  This week, I look at the issue of printing between different networks.


Diode Applications: Secure Network Monitoring

10 Oct

For the third article in the Data Diode blog series, I explore Audit and Monitoring between Domains.


Diode Applications: Secure Windows Updates

27 Aug

In this blog series, I have been exploring applications for Data Diodes.  This week, I look at the issue of getting Windows Updates into a segregated network — securely.
