| 翻訳と辞書 |
| Air gap (networking) : ウィキペディア英語版 |
Air gap (networking)
An air gap or air wall〔(''Wiktionary: Airwall'' ), retrieved on 2010-05-13〕 is a network security measure, also known as air gapping,〔(''Whatis.com: Air gapping'' )〕 employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network.〔RFC 4949〕 The name arises from the technique of creating a network that does not have, and often has never had, an active unsecured connection, by having the two physically separated, with air in between. The air gap may not be completely literal, as networks employing the use of dedicated cryptographic devices that can tunnel packets over untrusted networks while avoiding packet rate or size variation can be considered "air gapped", as there is no ability for computers on opposite sides of the "gap" to communicate.
== Use in classified settings ==
In environments where networks or devices are rated to handle different levels of classified information, the two disconnected devices/networks are referred to as "low side" and "high side", low being unclassified and high referring to classified, or classified at a higher level. This is also occasionally referred to as red (classified) and black (unclassified). To move data from the high side to the low side, it is necessary to write data to a physical medium, and move it to a device on the latter network. Traditionally based on the Bell-La Padula Confidentiality Model, data can move low-to-high with minimal processes while high-to-low requires much more stringent procedures to ensure protection of the data at a higher level of classification.
The concept represents nearly the maximum protection one network can have from another (save turning the device off). It is not possible for packets or datagrams to "leap" across the air gap from one network to another, but computer viruses such as Stuxnet and agent.btz have been known to bridge the gap by exploiting security holes related to the handling of removable media. The possibility of using acoustic communication has also been demonstrated by researchers. Researchers have also demonstrated the feasibility of data exfiltration using FM frequency signals.
The upside to this is that such a network can generally be regarded as a closed system (in terms of information, signals, and emissions security) unable to be accessed from the outside world. The downside is that transferring information (from the outside world) to be analyzed by computers on the secure network is extraordinarily labor-intensive, often involving human security analysis of prospective programs or data to be entered onto air-gapped networks and possibly even human manual re-entry of the data following security analysis.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「Air gap (networking)」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|