High security through an air-gap structure brings an unsolvable problem of data transfer. If you do it wrong, you destroy the kingdom.
How can we automate the data transfer and keep the AirGap security win?
Don't say "don't transfer"; we have to.
How can we automate the data transfer and keep the AirGap security win?
Under the usual definition (RFC 4949, where air gap means physical separation, and no automation), you can't automate it. Only manual transfer is possible. That's kind of the whole idea.
A manual gap (i.e. connecting the network under manual control only) can't be automated.
If you need the automation, you need to decide who is the master that flips the switch to connect/separate the systems: the inside, the outside, or neither? Each model brings on a new set of risks, and each needs to be evaluated – by you – to decide if it's an acceptable risk or not. The only thing I can say is that it isn't air gapped.
But this is more of a network security issue than a forensic issue.
If you mean physical separation instead of air gap (which I agree with athulin's definition of), you can use a data diode to do transfers in or out from one domain to another; just don't set up two of them, which enables 2-way communication…
Two pieces of software are needed, a UDP sender and a UDP receiver, both with flow-rate control. Data needs a sequence number and a signature hash for the data so you know if A) something is missing and B) the end result is what you expect. It takes some time to get the maximum throughput set up properly, but once it's done it pretty much runs by itself. Send some heartbeat packets from time to time as an early indicator of whether the connection is down.
Make sure the diode is hardware and not some Raspberry Pi solution; anything done in software is setting yourself up for a breach and a disappointment.
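A minimal framing layer of the kind described above (sequence number, integrity tag, gap detection, heartbeats), written as an added example that is not code from the thread or from any product mentioned in it. Names such as `make_frame`, `Receiver` and `simulate` are my own. It uses HMAC-SHA256 with a pre-shared key as the "signature hash" (a keyed MAC rather than a public-key signature; swap in a signature if the receiving side must not hold any sender secret), keeps the channel in memory so it runs offline, and leaves rate pacing and the heartbeat timeout alarm to the caller. On a real diode the same frames go into `socket.sendto` on the low side and `recvfrom` on the high side; the sample messages are constructed.

```python
# Added example (not from the thread): framing for a one-way UDP link behind a
# data diode. Sequence number + HMAC per frame, gap detection, heartbeats.
# Names (make_frame, Receiver, simulate) and the sample data are assumptions.
import hashlib
import hmac
import struct

MAGIC = b"DIOD"
TYPE_DATA = 0
TYPE_HEARTBEAT = 1
HEADER = struct.Struct("!4sBQI")            # magic, frame type, sequence number, payload length
TAG_LEN = hashlib.sha256().digest_size      # 32-byte HMAC-SHA256 tag


def make_frame(key: bytes, seq: int, payload: bytes = b"", kind: int = TYPE_DATA) -> bytes:
    """Sender side: header || payload || HMAC(key, header || payload)."""
    header = HEADER.pack(MAGIC, kind, seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Receiver side. The tag is verified before any header field is trusted;
    the sequence number is then used to spot lost frames. Nothing can be
    re-requested through a diode, so a gap is recorded, not repaired."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0        # sequence number expected next
        self.gaps = []           # (first_missing, last_missing) per detected hole
        self.rejected = 0        # frames with a bad tag or malformed header
        self.heartbeats = 0
        self.payloads = []       # accepted data payloads, in arrival order

    def feed(self, frame: bytes) -> str:
        if len(frame) < HEADER.size + TAG_LEN:
            self.rejected += 1
            return "malformed"
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            self.rejected += 1
            return "bad_tag"
        magic, kind, seq, length = HEADER.unpack_from(body)
        payload = body[HEADER.size:]
        if magic != MAGIC or len(payload) != length:
            self.rejected += 1
            return "malformed"
        if seq < self.next_seq:
            return "replay"      # duplicate or replayed frame: already seen
        status = "ok"
        if seq > self.next_seq:
            self.gaps.append((self.next_seq, seq - 1))   # frames that never arrived
            status = "gap"
        self.next_seq = seq + 1
        if kind == TYPE_HEARTBEAT:
            self.heartbeats += 1
            return "heartbeat"
        self.payloads.append(payload)
        return status


def simulate(key: bytes = b"shared-diode-key", drop_seq: int = 2):
    """Constructed demo: five data frames plus a heartbeat; frame `drop_seq` is
    lost in transit and one frame built with the wrong key is injected.
    Returns (receiver, list of per-frame statuses)."""
    messages = [b"ioc-1", b"ioc-2", b"ioc-3", b"ioc-4", b"ioc-5"]
    frames = [make_frame(key, i, m) for i, m in enumerate(messages)]
    frames.append(make_frame(key, len(messages), kind=TYPE_HEARTBEAT))
    wire = [f for f in frames if HEADER.unpack_from(f)[2] != drop_seq]
    wire.insert(3, make_frame(b"wrong-key", 99, b"forged"))   # attacker-injected frame
    rx = Receiver(key)
    log = [rx.feed(f) for f in wire]
    return rx, log


if __name__ == "__main__":
    rx, log = simulate()
    print(log)                # ['ok', 'ok', 'gap', 'bad_tag', 'ok', 'heartbeat']
    print(rx.gaps, rx.rejected, rx.heartbeats)
```

The receiver checks the tag before it even looks at the sequence number, so an unauthenticated frame can neither advance the counter nor fake a gap; the high side never sends anything back, which is the whole point of the diode, so the only recovery for a reported gap is an operator on the low side resending. Persisting `next_seq` across restarts and rotating the shared key are left out here but matter in production.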
Thank you both!
I agree this is a network security issue. But I thought some FF members with great creativity might be able and willing to help.
Hardware data diodes we already have. But they are expensive, very.
I am speaking about a physical air gap (real polluted air in between). For years we bridged it human-based. Now a test system runs with an AI slave (deep learning) and two human masters (5-eyes principle: machine 1 eye, humans 2 eyes each). The machine becomes better at proposing but remains an eternal slave. But the slave observes human failures. BTW the slave has autarkic solar electric power.
On our lab-wall hangs
https://
No data transfer only works for the military. But they have the same problem of boundaries, e.g. with CTI feeds into machines.
Hardware data diodes we already have. But they are expensive, very.
Depends on where you look; if you buy brand products they will charge lots for it. Setting up a simplex Ethernet tap is way cheaper; I think they go for around €500.
Unlike data diodes, which are public knowledge and even COTS products, high-volume air gap transfer solutions are limited, because some of us cannot talk about those due to certain limitations for the next 40-ish years before a certain agreement runs out, if you know what I mean.
Best bet is to find or make your own cheap data diode solution.
Just in case
https://
https://
jaclaz