For the third article in the Data Diode blog series, I explore Audit and Monitoring between Domains.
Monitoring activity in a network is critical to maintain the availability of systems and reduce the likelihood of an attack affecting business operations. Where an organisation has multiple networks, monitoring becomes more difficult and less manageable. Monitoring each network separately is an option, but a single overall view of all networks is not achieved and the cost of monitoring can be higher.
Aggregating, correlating and collating audit and monitoring information into a single, central location provides an overall view of all networks and a single place in which to view and analyse the data. To achieve this single view, all monitored networks are connected via the monitoring system, which introduces the new risk that data may flow between the networks, creating malware and data loss vulnerabilities.
By using a data diode based application, it is possible to ensure that monitoring information is securely passed from the monitored network to the monitoring system, while ensuring that NO data can leak back from the monitoring system to the monitored network. Additionally a careful diode configuration can ensure there is no risk of malware cross infection between the monitored networks.
Interested in finding out more details about securely obtaining monitoring data from your networks? Contact me, or leave a comment below.
Once Upon a Camayoc 
I’m planning to do something along these lines for an environment I’m building, very shortly :-). It’s a great way to do log analysis across a whole co-lo while maintaining separation assurance between customers, and if you can chain aggregators / analysers in a hierarchy so that a customer can get their own dedicated aggregation and analysis before the data then goes to system high, it’s a double win.
While I have my platform of choice, the next big question is which (hierarchical) log aggregation, analysis and alerting components to go for; I’m definitely spoiled for choice, these days…
LikeLike
If your environment is for UK government customer, please be aware there is a CESG architectural design pattern you should consider following.
LikeLike