RE: Air gap technologies

["daN." <dan () nesmail com>]

You've added another layer of obfuscation but nothing more...all the 
attacker would have to do is emulate the software or not cause the Security 
Heartbeat to crash and you are back where you started.  Unfortunately there 
is no golden egg to security.  If some packets can get it, someone will 
find a way of getting something unwanted onto your network.  All you can do 
is put up more firewalls better intrusion detection and stay vigilant.

daN.


> However, I believe such an air gap (literally!) is possible. Imagine
> a proxy combo connected via serial cable (for example). Imagine the
> serial cable A connecting the internal proxy and 'a mystery box', and
> cable B connection the mystery device and the external proxy. The
> external proxy, in normal working condition, sends a heartbeat to the
> device, which is nothing else than a RELAY kept alive by the
> heartbeat. Should the proxy get compromised, and normal routines
> providing security (and the heartbeat) are terminated, then the
> missing heartbeat would cause the device to actually fail shut (in
> other words, cause the relay to open). And there you have it! An air
> gap between the relay contacts! You internal network is safe.
>
> Resetting the system would require operator intervention where the
> operator has to push and hold a button on the device until the proxy
> has been restarted and the heartbeat is beating again.
>
> Doesn't this sound like a nice, little weekend project?  ;)
>
> Regards,
> Frank

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards