Diode Applications: Secure Network Monitoring

10 Oct

For the third article in the Data Diode blog series, I explore Audit and Monitoring between Domains.


Monitoring activity in a network is critical to maintaining the availability of systems and reducing the likelihood of an attack affecting business operations. Where an organisation has multiple networks, monitoring becomes more difficult and less manageable. Monitoring each network separately is an option, but it gives no single overall view of all networks, and the cost of monitoring can be higher.

Aggregating, correlating and collating audit and monitoring information into a single, central location provides an overall view of all networks and a single place in which to view and analyse the data. To achieve this single view, all monitored networks are connected via the monitoring system, which introduces a new risk: data may flow between the networks through the monitoring system itself, opening both malware propagation and data loss paths.

By using a data-diode-based application, it is possible to ensure that monitoring information is securely passed from the monitored network to the monitoring system, while ensuring that NO data can leak back from the monitoring system to the monitored network. Additionally, a careful diode configuration (one diode channel per monitored network, with no shared path between them) can ensure there is no risk of malware cross-infection between the monitored networks.
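As an added illustration (not code from the original post or from any diode product), the following sketches the one-way log transport described above. Because nothing can come back across the diode, the receiver cannot acknowledge or request retransmission; instead the sender numbers each record and tags it with its source domain, and the receiver for a given diode channel detects gaps (loss in transit), rejects stale or replayed records, and refuses records tagged for a different domain. The JSON framing and field names are assumptions chosen for this example.

```python
"""One-way (diode-style) audit log forwarding. Constructed example: the
framing format and field names are assumptions, not a product's wire format."""
import json


def frame_record(domain: str, seq: int, message: str) -> bytes:
    """Sender side (monitored network): one self-describing datagram per record."""
    return json.dumps({"domain": domain, "seq": seq, "msg": message}).encode()


class DiodeReceiver:
    """Receiver side (monitoring system). One instance per diode channel, so a
    record tagged for another domain is a misconfiguration or leak, not data."""

    def __init__(self, expected_domain: str):
        self.expected_domain = expected_domain
        self.next_seq = None            # unknown until the first datagram arrives
        self.accepted, self.rejected, self.lost = [], [], 0

    def ingest(self, datagram: bytes) -> str:
        try:
            rec = json.loads(datagram.decode())
            domain, seq, msg = rec["domain"], int(rec["seq"]), str(rec["msg"])
        except (ValueError, KeyError, TypeError):
            self.rejected.append(datagram)  # never trust framing from the low side
            return "malformed"
        if domain != self.expected_domain:
            self.rejected.append(datagram)  # cross-domain record on this channel
            return "wrong-domain"
        if self.next_seq is not None and seq < self.next_seq:
            self.rejected.append(datagram)  # duplicate or replayed record
            return "stale"
        if self.next_seq is not None and seq > self.next_seq:
            self.lost += seq - self.next_seq  # gap: datagrams dropped in transit
        self.next_seq = seq + 1
        self.accepted.append((seq, msg))
        return "ok"


if __name__ == "__main__":
    # Constructed traffic for the "ot-plant" channel, including a loss gap,
    # a replay, and a record that belongs to a different monitored network.
    rx = DiodeReceiver("ot-plant")
    for dg in (frame_record("ot-plant", 1, "login ok"),
               frame_record("ot-plant", 2, "config read"),
               frame_record("ot-plant", 5, "alarm cleared"),   # 3 and 4 lost
               frame_record("ot-plant", 3, "late duplicate"),
               frame_record("corp-it", 6, "should not be here"),
               b"\xff\xfe"):
        print(rx.ingest(dg))
    print(f"accepted={len(rx.accepted)} rejected={len(rx.rejected)} lost={rx.lost}")
```

Loss detected this way should be alarmed on in the monitoring system, since the monitored side will never learn that a record did not arrive.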

Interested in finding out more details about securely obtaining monitoring data from your networks? Contact me, or leave a comment below.

2 Responses to “Diode Applications: Secure Network Monitoring”

  1. Dave Walker November 12, 2013 at 23:52 #

    I’m planning to do something along these lines for an environment I’m building, very shortly :-). It’s a great way to do log analysis across a whole co-lo while maintaining separation assurance between customers, and if you can chain aggregators / analysers in a hierarchy so that a customer can get their own dedicated aggregation and analysis before the data then goes to system high, it’s a double win.

    While I have my platform of choice, the next big question is which (hierarchical) log aggregation, analysis and alerting components to go for; I’m definitely spoiled for choice, these days…


    • Colin Robbins November 13, 2013 at 10:02 #

      If your environment is for a UK government customer, please be aware there is a CESG architectural design pattern you should consider following.
