Diode Applications: Secure Network Monitoring
October 2013
For the third article in the Data Diode blog series, I explore Audit and Monitoring between Domains.
Monitoring activity in a network is critical to maintaining the availability of systems and reducing the likelihood of an attack affecting business operations. Where an organisation has multiple networks, monitoring becomes more difficult and less manageable. Monitoring each network separately is an option, but it does not give a single overall view of all networks, and the cost of monitoring can be higher.
Aggregating, correlating and collating audit and monitoring information into a single, central location provides an overall view of all networks and a single place in which to view and analyse the data. To achieve this single view, all monitored networks are connected via the monitoring system. This introduces a new risk: data may flow between the networks, creating malware and data loss vulnerabilities.
By using a data diode-based application, it is possible to ensure that monitoring information is securely passed from the monitored network to the monitoring system, while ensuring that NO data can leak back from the monitoring system to the monitored network. Additionally, careful diode configuration can ensure there is no risk of malware cross-infection between the monitored networks.
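Because nothing can travel back through the diode, the monitoring side cannot acknowledge or re-request data and has to detect loss on its own. The sketch below is an added example, not code from this article or from any diode product; the frame layout (network id, sequence number, SHA-256 trailer), the names `frame`, `Collector` and `demo`, and the sample log lines are all assumptions made for illustration.

```python
import hashlib
import struct

HEADER = struct.Struct("!HQ")   # assumed frame header: network id, sequence number
DIGEST_LEN = 32                 # SHA-256 trailer: detects corruption, not forgery

def frame(network_id, seq, line):
    """Sender side (monitored network): wrap one log line in a frame."""
    body = HEADER.pack(network_id, seq) + line.encode()
    return body + hashlib.sha256(body).digest()

class Collector:
    """Monitoring side: consumes frames only; it has no method that sends."""
    def __init__(self):
        self.next_seq = {}   # network id -> next expected sequence number
        self.events = []     # accepted (network id, seq, log line)
        self.gaps = []       # (network id, first missing seq, last missing seq)
        self.rejected = 0    # corrupt, truncated or duplicate frames

    def receive(self, data):
        body, digest = data[:-DIGEST_LEN], data[-DIGEST_LEN:]
        if len(data) < HEADER.size + DIGEST_LEN or hashlib.sha256(body).digest() != digest:
            self.rejected += 1
            return
        network_id, seq = HEADER.unpack_from(body)
        line = body[HEADER.size:].decode("utf-8", "replace")
        # The first frame seen from a network sets its baseline.
        expected = self.next_seq.get(network_id, seq)
        if seq < expected:            # duplicate or stale frame
            self.rejected += 1
            return
        if seq > expected:            # loss can only be recorded, never re-requested
            self.gaps.append((network_id, expected, seq - 1))
        self.next_seq[network_id] = seq + 1
        self.events.append((network_id, seq, line))

def demo():
    """Constructed sample: network 1 loses seq 2, network 2 repeats seq 0."""
    frames = [frame(1, 0, "sshd: login ok"), frame(1, 1, "sshd: login failed"),
              frame(1, 3, "sudo: session opened"), frame(2, 0, "fw: drop"),
              frame(2, 0, "fw: drop")]
    damaged = bytearray(frame(2, 1, "fw: allow"))
    damaged[5] ^= 0xFF                # simulate a bit error in transit
    collector = Collector()
    for data in frames + [bytes(damaged)]:
        collector.receive(data)
    return collector
```

Sequence state is kept per network id, so a gap on one monitored network is reported against that network alone and the collector never needs a path back to any of them.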
Interested in finding out more details about securely obtaining monitoring data from your networks? Contact me, or leave a comment below.
Author Bio – Colin Robbins
Colin Robbins is Nexor’s Managing Security Consultant. He is a Fellow of the IISP, and an NCSC-certified Security and Information Risk Adviser (Lead CCP) and Security Auditor (Senior CCP). He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. He also has a strong interest in security governance, being a qualified ISO 27001 auditor.