Guards are not Air Gaps

“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.”  (Wikipedia)

Note the emphasis in the word physically.

A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on this blog.   In reality you can argue it both ways.

Continue reading “Guards are not Air Gaps”

What is the difference between a Guard and a Gateway?

Guards and gateways are full application layer proxies that connect to two or more networks.  They accept data passed on an inbound network interface, ‘process it’, and then pass data to the outbound network interface.   The difference between the two is in the ‘process it’ step.
Continue reading “What is the difference between a Guard and a Gateway?”

Observations on the Forrester Report — Strategy Deep Dive: Define Your Data

The Forrester report  Strategy Deep Dive: Define Your Data (free download, registration required) has an in-depth look at the topic of data classification and defines a framework for data protection, but appears to lack in detail on the “defending the data” step.

Continue reading “Observations on the Forrester Report — Strategy Deep Dive: Define Your Data”