Security Basics mailing list archives
RE: One computer two different networks
From: "Hagen, Eric" <hagene () DenverNewspaperAgency com>
Date: Thu, 12 Oct 2006 12:13:56 -0600
I read it as a strictly receive-only solution. For example, it could be desirable to receive incoming UDP data streams, while maintaining NO possibility for return traffic. However, TCP (and therefore, 99% of Internet application usage) would be impossible by its nature of requiring two-way communication.

So what good is it to allow incoming data streams without any outgoing? I guess I can see an example.... a TOP SECRET network could accept incoming signals from remote transponders all over the world via UDP... then combine them into secret data about troop movements.... I could see uses for government agencies....

Still, I don't see this being all that useful in most cases, and frankly it definitely doesn't solve the "access to the Internet" problem.

Eric

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]On Behalf Of Steve
Sent: Wednesday, October 11, 2006 1:07 PM
To: davidthomastuck () aol com
Cc: security-basics () securityfocus com
Subject: Re: One computer two different networks

What does this thing actually do? The ad says it's a 'data diode'?!?!? That is not only impossible, it would be pointless. Is there an actual description of it on the website? That doesn't ramble on about optically isolating me from the bad scary data?

I don't care if your packets come in via an optically isolated circuit, an electrically isolated circuit, or a positronic brain; the packets still have to leave your machine to initiate either a get or post request, and both still have the ability to send data to the 'internet end'.

If it's a small IDS or IPS or both, I still don't see any need for optical isolation. I'm smelling snake oil.

Thanks,
Steve.

davidthomastuck () aol com wrote:

> Tenix Datagate is an excellent product but provides a genuine one-way data path (simplex overflow only, no handshaking) by using an opto-isolator. It is a specialised product that allows system A to broadcast data to system B but totally prevents the export of any information from B to A (hence its ITSEC E6 rating).
>
> Browsing the internet from a computer that works at SECRET is a concept that will give any security specialist nightmares, be VERY careful and get approval for your solution FIRST.
>
> The best solution might well be to provide additional PCs for those who NEED regular internet access and shared PCs for those who need it occasionally.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
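An added example, not code from any participant in this thread or from the product discussed: the thread notes that a one-way path allows no handshaking, so a sender cannot learn that a datagram was lost. The sketch below shows how a receive-only endpoint can still detect loss and corruption when the sender adds sequence numbers, a checksum and blind repetition. The header layout, names and sample data are assumptions made for illustration.

```python
import struct
import zlib

HDR = struct.Struct("!IIHI")  # assumed header: seq, total frames, length, CRC32

def make_frames(data, size=8, repeat=3):
    """Sender: no ACK can come back, so every frame is sent `repeat` times."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    frames = []
    for seq, chunk in enumerate(chunks):
        hdr = HDR.pack(seq, len(chunks), len(chunk), zlib.crc32(chunk))
        frames.extend([hdr + chunk] * repeat)
    return frames

class Receiver:
    """Receive-only side: it never transmits, it only records what arrived."""
    def __init__(self):
        self.chunks, self.total, self.rejected = {}, None, 0

    def feed(self, datagram):
        if len(datagram) < HDR.size:
            self.rejected += 1
            return
        seq, total, length, crc = HDR.unpack_from(datagram)
        payload = datagram[HDR.size:]
        bad = (len(payload) != length or zlib.crc32(payload) != crc
               or seq >= total or self.total not in (None, total))
        if bad:
            self.rejected += 1
            return
        self.total = total
        self.chunks.setdefault(seq, payload)  # repeated copies are ignored

    def missing(self):  # frames never received intact; None before any frame
        if self.total is None:
            return None
        return [s for s in range(self.total) if s not in self.chunks]

    def result(self):
        """Reassembled data, or None while any frame is still missing."""
        ok = self.missing() == []
        return b"".join(self.chunks[s] for s in range(self.total)) if ok else None

def deliver(frames, dropped=()):
    """Constructed lossy one-way channel: frames at `dropped` indexes vanish."""
    rx = Receiver()
    for i, frame in enumerate(frames):
        if i not in dropped:
            rx.feed(frame)
    return rx
```

If every copy of a frame is lost, the receiver can only report the gap locally; nothing in the design lets it ask for a resend.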
Current thread:
- RE: One computer two different networks, (continued)
- RE: One computer two different networks Chris Poulter (Oct 11)
- RE: One computer two different networks Hagen, Eric (Oct 11)
- RE: One computer two different networks mn19522 (Oct 11)
- RE: One computer two different networks evb (Oct 11)
- Re: Re: One computer two different networks davidthomastuck (Oct 11)
- Re: One computer two different networks Steve (Oct 11)
- RE: One computer two different networks Hagen, Eric (Oct 11)
- Re: One computer two different networks krymson (Oct 11)
- Re: Re: One computer two different networks davidthomastuck (Oct 13)
- Re: Re: One computer two different networks anonymous (Oct 13)
- RE: One computer two different networks Hagen, Eric (Oct 13)
- Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 15)
- RE: One computer two different networks Laundrup, Jens (Oct 13)
- Re: RE: One computer two different networks nigel_barnes (Oct 15)
- RE: One computer two different networks Hagen, Eric (Oct 16)
- Re: One computer two different networks Ansgar -59cobalt- Wiechers (Oct 16)