Firewall Wizards mailing list archives

Re: Air gap technologies


From: daw () mozart cs berkeley edu (David Wagner)
Date: 26 Jan 2001 03:08:43 GMT

Elad Baron wrote:
> And again, none of these protocols were
> designed with security in mind (for example, SCSI protocol relies on the
> "honesty" of the bus members when doing its negotiation - the lower SCSI ID
> member should stop using the bus after it loses to a higher number).

Can you clarify your threat model?  Are you trying to defend
against attackers with physical access to the SCSI bus?  (seems
unlikely)  Or, just trying to prevent the external host from
being able to attack the internal host's protocol stack in case
the external host gets compromised?  (seems more likely, but still
highly unlikely that this is the dominant failure mode for a firewall)

In either case, what's wrong with just using a serial cable?
It seems just as good for all security purposes that I can think
of.  I'd love to be enlightened, though, if I went wrong somewhere.