Li-Fi Security

Li-Fi has been widely talked about, largely due to its capability to deliver a high data rate wireless connectivity.

Li-FI has some very interesting security characteristics too.

Q: When is a Diode not a Diode?

A: When it’s a Transistor or a Zener diode.

Continue reading “Q: When is a Diode not a Diode?” →

More on Air Gaps

While Air-Gaps are a good conceptual solution, in practice beyond Schneier’s single PC example, they are very hard to achieve. There is nearly always a backdoor to be found somewhere that an attacker can exploit.
Continue reading “More on Air Gaps” →

Non-Routable Protocols and Networks

Network segregation is a common security technique to prevent security issues in one network affecting another. When looking at how information can be moved or shared between such networks the concept of routable protocols, and the opposite non-routable protocols are often used. We also see the term routable / non-routable networks. They are not the same thing, let’s explain…
Continue reading “Non-Routable Protocols and Networks” →

Guards are not Air Gaps

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.” (Wikipedia)

Note the emphasis in the word physically.

A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on this blog. In reality you can argue it both ways.

Continue reading “Guards are not Air Gaps” →

Validating the Payload

In the blog Secure Delivery of a Payload we discussed how secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.
Continue reading “Validating the Payload” →

Secure Delivery of a Payload via a Protocol Break

A secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.

In this blog we briefly look at protecting protocol-based attacks. In a future blog we will look at content-based (payload) attacks.

Continue reading “Secure Delivery of a Payload via a Protocol Break” →

Diodes are Diodes, Guards are Guards

Over the last 3-5 years Data Diodes have grown in popularity as a solution for moving data between isolated networks. With this has come creative marketing to leverage the term ‘Diode’ for solutions that are anything but.

Let’s just take a few moments to revise some of the fundamental modes of secure information exchange.

Continue reading “Diodes are Diodes, Guards are Guards” →

Diode Applications: Secure Printing

In this blog series, I have been exploring applications for Data Diodes. This week, I look at the issue of printing between different networks.

Continue reading “Diode Applications: Secure Printing” →

Tag: Data Diode