Non-Routable Protocols and Networks

Network segregation is a common security technique to prevent security issues in one network affecting another. When looking at how information can be moved or shared between such networks the concept of routable protocols, and the opposite non-routable protocols are often used. We also see the term routable / non-routable networks. They are not the same thing, let’s explain…
Continue reading “Non-Routable Protocols and Networks”


Guards are not Air Gaps

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.”  (Wikipedia)

Note the emphasis in the word physically.

A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on this blog.   In reality you can argue it both ways.

Continue reading “Guards are not Air Gaps”

Secure Delivery of a Payload via a Protocol Break

A secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.

In this blog we briefly look at protecting protocol-based attacks. In a future blog we will look at content-based (payload) attacks.

Continue reading “Secure Delivery of a Payload via a Protocol Break”

Diodes are Diodes, Guards are Guards

Over the last 3-5 years Data Diodes have grown in popularity as a solution for moving data between isolated networks. With this has come creative marketing to leverage the term ‘Diode’ for solutions that are anything but.

Let’s just take a few moments to revise some of the fundamental modes of secure information exchange.

Continue reading “Diodes are Diodes, Guards are Guards”