Isolations For Security

 

 

Table of Contents:


  1. Introduction
  2. Isolating hardware adaptor
  3. Air gap isolation
  4. Private exchange tunnel
  5. Reference
  6. See also
  7. External links

 

 

Introduction:


When people talk about the Internet, data sharing, and so on, there is almost always a discussion of security issues and attacks. There are three major categories of attacks: physical, protocol and application. Connection loss due to the environment or to hostile action is a physical attack; fake IP addresses, the Teardrop attack and SYN floods are protocol attacks; illegal URLs, pages containing hostile scripts and virus emails are examples of application attacks.

To protect networks from the various new kinds of attack, network isolation was created. Its goal is to keep hostile attacks outside the trusted network and to make sure that data does not leak during exchange. A firewall is one basic form of network isolation. However, as the level of attacks increases, different new technologies have been introduced: the isolating hardware adaptor, air gap isolation, the private exchange tunnel and many more.

Figure 1 [2]

 

Isolating hardware adaptor:


An isolating hardware adaptor isolates the internal network from the external network by installing a hardware adaptor in the computer. It provides network isolation and data isolation. Network isolation separates the internal and external networks so that the two have no physical connection. Data isolation is the device's major function: it isolates the data on the internal and external networks and makes sure that neither side can access the other's data, to prevent data leaks, viruses from the external network, and hacking.

 

 

Air gap isolation:


Figure 2 [3]

Air gap refers to a physical separation of two networks (internal and external). The idea comes from "sneaker-net", where the only connection between two devices or networks is a human being providing media switching, i.e. floppies or CDs. In order to move data from the internal network to the external one, it is necessary to write the data to a physical medium and move it to a device on the latter network.[1] The idea is to have a shared physical medium between both networks. Convention and consensus per policy is generally that data can move external-internal with minimal processes, while internal-external requires much more stringent procedures to ensure protection of the data at a higher level of classification.[1] An air gap isolates protocol attacks and also improves protection against application attacks.
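The asymmetric transfer policy described above can be sketched as a check run before a removable medium crosses the gap. This is an added example, not part of the original page; the SHA-256 manifest, the "public" label and the two-approver rule are assumptions chosen for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed policy values: the page only states that internal->external
# transfers need stricter procedures than external->internal ones.
INBOUND, OUTBOUND = "external->internal", "internal->external"
RELEASABLE_LABELS = {"public"}   # assumption: only this label may leave
REQUIRED_APPROVERS = 2           # assumption: two-person review when outbound

@dataclass
class MediaFile:
    name: str
    data: bytes
    label: str = "unlabelled"    # classification label set by the data owner

@dataclass
class Transfer:
    direction: str
    files: list
    manifest: dict               # name -> SHA-256 recorded when the medium was written
    approvers: set = field(default_factory=set)

def review_transfer(t: Transfer) -> list:
    """Return the policy violations; an empty list means the medium may cross."""
    problems = []
    # Both directions: the medium must hold exactly what the manifest records.
    for f in t.files:
        digest = hashlib.sha256(f.data).hexdigest()
        if t.manifest.get(f.name) != digest:
            problems.append(f"{f.name}: not in manifest or hash mismatch")
    for missing in sorted(set(t.manifest) - {f.name for f in t.files}):
        problems.append(f"{missing}: listed in manifest but absent from medium")
    if t.direction == OUTBOUND:
        # Stricter path: every file needs a releasable label and sign-off.
        for f in t.files:
            if f.label not in RELEASABLE_LABELS:
                problems.append(f"{f.name}: label '{f.label}' not releasable")
        if len(t.approvers) < REQUIRED_APPROVERS:
            problems.append("outbound transfer lacks required approvers")
    elif t.direction != INBOUND:
        problems.append(f"unknown direction '{t.direction}'")
    return problems

if __name__ == "__main__":
    # Constructed sample: one internal document written to a medium.
    doc = MediaFile("report.txt", b"quarterly numbers", "internal")
    manifest = {doc.name: hashlib.sha256(doc.data).hexdigest()}
    print(review_transfer(Transfer(INBOUND, [doc], manifest)))
    print(review_transfer(Transfer(OUTBOUND, [doc], manifest, {"alice"})))
```

The same medium that passes in the inbound direction is rejected outbound until its files carry a releasable label and enough approvers have signed off.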

 

Private exchange tunnel:


Figure 3 [3]

As shown in Figure 3, with a private exchange tunnel we still have two networks, internal and external, connecting to a trusted network and an untrusted network. It uses a private high-speed tunnel and a private tunnel protocol with authentication and/or encryption to achieve high-speed data exchange under network isolation.

 

 

Reference:


  1. Wikipedia volunteers. Last modified 19:12, 16 March 2007.
    URL: http://en.wikipedia.org/wiki/Air_gap_%28networking%29

  2. YiLan, Chinese computer newspaper. Sep 8, 2003.
    URL: http://tech.ccidnet.com/art/1099/20030908/62946_1.html

  3. GuDuJianKe, "Commercial security isolation technology", Dec 2003.
    URL: http://xcon.xfocus.net/xcon2003/archives/Xcon2003_janker.pdf

 

 

See also:


  1. Iris recognition
  2. Phishing

 

 

External links:


 


 

Main Developer: Howell Wang

Last Modified: 11:41pm March 30, 07