On Nov 14, 2011, at 9:24 AM, Joe Greco wrote:
Getting fixated on air-gapping is unrealistically ignoring the other thre= ats out there.
I don't think anyone in this thread is 'fixated' on the idea of airgapping;=
No, but it's clear that there are many designers out there who feel this is the way to go. That's why it's a good idea to cover the ground anyways.
but it's generally a good idea whenever possible, and as restrictive a com= munications policy as is possible is definitely called for, amongst all the= other things one ought to be doing.
I think the part people forget about is that last part, "amongst all the other things one ought to be doing."
It's also important to note that it's often impossible to *completely* airg= ap things, these days, due to various interdependencies, admin requirements= (mentioned before), and so forth; perhaps bastioning is a more apt term.
If it didn't turn into a situation where everyone's bastardizing^Wbastioning your network in insecure ways. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.