Firewall Wizards mailing list archives

RE: Worms, Air Gaps and Responsibility


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 5 May 2004 11:04:11 -0400 (EDT)

On Wed, 5 May 2004, Karl Mueller wrote:

> Maybe one reason is the trend to route mission critical info over the
> Internet (albeit over VPN tunnels). We'd like to say that you MUST use
> private lines for really secure information, but money tends to talk in
> these situations. Since a lot of networks span multiple sites, and WAN
> prices don't scale well, businesses are turning to the Internet and VPNs as
> a way to make their sites well-connected without the cost of a full-mesh FRS
> or private-line network. Of course a well-configured VPN router will block
> all traffic that does not come through the tunnel, this is still not an 'air
> gap' since you're still physically connected to the Internet. In this case,
> one small config error on your firewall/VPN endpoint opens up your entire
> network to the Internet.

I was predominately focusing on the gap being between "business" networks
and "production" networks- regardless of VPN/WAN issues.  Most of the risk
these days comes from desktops, there's no reason the PC in the mail room
needs to be able to hit the CAT scanner in a hospital, for instance.  Even
if your hospital's CAT scanner is VPNed to another hospital's diagnostics
expert.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation