Guards are not Air Gaps
“An air gap is a network security measure that consists of ensuring that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.” (Wikipedia)
Note the emphasis in the word physically.
A number of forums have discussed whether data diodes are equivalent to air gaps in one direction, including a number of articles on Cyber Matters. In reality you can argue it both ways.
One thing is absolutely certain however. A data guard, allowing a two way data flow, is absolutely not an air gap and is not equivalent to an air gap. A data guard enables communication between two networks under strictly controlled conditions – it does not physically separate the networks, but can provide separation at the network layer. Air gaps provide physical separation, in order to manage different threats.
To someone concerned with network security this should matter. It is important to address the business requirement using the appropriate technology. That is why Nexor have a portfolio of flow control products and on Cyber Matters we try to explain concepts that even some experts get confused about. What you will not find us doing at Nexor or on Cyber Matters is trying to market a Guard as an Air Gap, they are different things which solve different problems.
This article was originally posted on the Cyber Matters blog – which gives “bite-size insight on cyber security for the not too technical”.
Author Bio - Colin Robbins
Colin Robbins is the Innovation Director at Nexor. He has specific technical experience in Secure Information Exchange & Identity Systems and is credited as the co-inventor of LDAP. His current focus is solving customer security challenges in Cloud and IoT environments.
Be the first to know about developments in secure information exchange