SurlyDoug.com | Those easily offended beware! |
• Introduction
|
Life is sexually transmitted … and fatal.
Tuesday, 25 October 2011
Air Gaps, People, Air Gaps!
I'm trying to figure out why? Why is this possible? Why are systems with top secret information in them connected to the global Internet in any fashion whatsoever? Generations of infosec professionals understand “air gaps”. Once known as red-black network architectures, the basic idea revolves around never providing a data connection between a secure network and any insecure and/or unsecured networks. Some implementations require a specific physical distance between any componenets of the two networks. For example, the policy might literally require six or more feet of physical separation between electonic components of the secure (black) network and any electronic equipment reachable over the insecure/unsecured (red) network, including the physical wires of the networks. Yes, this can be an inconvenient arrangement. It drastically increases the effort required to move data between the two networks. That's the whole point! The problem is that it makes it just as difficult for the “good guys” to move information from from the red network to the black as for the “bad guys” to get data from the black network to the red. Information can still make the jump in either direction, but it requires a lot more effort, and physical access. And I'd guess that inconvience lies at the root of the problem. The inconvenience ends up being considered as a greater problem than the risk of disclosure of the “secure” information.
Tasty!
|