Security Basics mailing list archives

RE: One computer two different networks


From: "Hagen, Eric" <hagene () DenverNewspaperAgency com>
Date: Thu, 12 Oct 2006 12:13:56 -0600

I read it as a strictly receive-only solution.  For example, it could be desirable to receive incoming UDP data streams, 
while maintaining NO possibility for return traffic.

However, TCP (and therefore, 99% of Internet application usage) would be impossible by its nature of requiring two-way 
communication.

So what good is it to allow incoming data streams without any outgoing?  I guess I can see an example....  a TOP SECRET 
network could accept incoming signals from remote transponders all over the world via UDP... then combine them into 
secret data about troop movements....  I could see uses for government agencies....

Still, I don't see this being all that useful in most cases, and frankly it definitely doesn't solve the "access to 
the Internet" problem.

Eric


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Steve
Sent: Wednesday, October 11, 2006 1:07 PM
To: davidthomastuck () aol com
Cc: security-basics () securityfocus com
Subject: Re: One computer two different networks


 What does this thing actually do? The ad says it's a 'data diode'?!?!? 
That is not only impossible, it would be pointless. Is there an actual 
description of it on the website? That doesn't ramble on about optically 
isolating me from the bad scary data?

 I don't care if your packets come in via an optically isolated 
circuit, an electrically isolated circuit, or a positronic brain, the 
packets still have to leave your machine to initiate either a get or post 
request, and both still have the ability to send data to the 'internet end'.

 If it's a small IDS or IPS or both, I still don't see any need for 
optical isolation.

 I'm smelling snake oil.

Thanks,
 Steve.

davidthomastuck () aol com wrote:

Tenix Datagate is an excellent product but provides a genuine one-way data path (simplex overflow only, no 
handshaking) by using an opto-isolator.  It is a specialised product that allows system A to broadcast data to system 
B but totally prevents the export of any information from B to A (hence its ITSEC E6 rating).
Browsing the internet from a computer that works at SECRET is a concept that will give any security specialist 
nightmares, be VERY careful and get approval for your solution FIRST.
The best solution might well be to provide additional PCs for those who NEED regular internet access and shared PCs 
for those who need it occasionally.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
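
Added example (not part of the original thread, and not the code of any product named in it): a Python sketch of what a receive-only UDP feed implies in practice. With no return path the receiver can never acknowledge or ask for a retransmission, so the sender repeats blindly and the receiver detects gaps on its own side. The datagram framing, the repeat count, the function names and the in-process lossy channel are all assumptions made for illustration.

```python
import struct
import zlib

HDR = struct.Struct("!IIH")  # assumed header: sequence no., total chunks, payload length
CHUNK = 16                   # small payload size so the sample splits into several datagrams

def frame(data, chunk=CHUNK):
    """Split data into self-describing datagrams: header + payload + CRC32."""
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    out = []
    for seq, payload in enumerate(parts):
        body = HDR.pack(seq, len(parts), len(payload)) + payload
        out.append(body + struct.pack("!I", zlib.crc32(body)))
    return out

def send(datagrams, repeats=2):
    """The sender never learns what arrived, so it repeats every datagram blindly."""
    return [d for _ in range(repeats) for d in datagrams]

def lossy(stream, drop):
    """Constructed one-way channel: silently drops the datagrams at the given indexes."""
    return [d for i, d in enumerate(stream) if i not in drop]

def receive(stream):
    """Verify, de-duplicate and reassemble; gaps can only be reported locally."""
    got, total = {}, None
    for d in stream:
        if len(d) < HDR.size + 4:
            continue                      # too short to be a valid datagram
        body, (crc,) = d[:-4], struct.unpack("!I", d[-4:])
        if zlib.crc32(body) != crc:
            continue                      # corrupted in transit, no way to ask again
        seq, tot, length = HDR.unpack(body[:HDR.size])
        if len(body) != HDR.size + length:
            continue
        total = tot
        got.setdefault(seq, body[HDR.size:])
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in got]
    data = None if missing else b"".join(got[s] for s in range(total))
    return data, missing

if __name__ == "__main__":
    msg = b"sensor-7 reading 42.0 at 12:13:56"   # constructed sample payload
    stream = send(frame(msg))                     # 3 chunks sent twice = 6 datagrams
    print(receive(lossy(stream, {1})))            # one copy lost: still recovered
    print(receive(lossy(stream, {1, 4})))         # both copies lost: gap reported
```
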


 


