06-26-2008 05:33 AM
Hi
I'm looking to implement a NOC for a data centre and there are obviously several design decisions to be taken relating to the connectivity and operation of the data centre. One of the options available is an air gap network, i.e. disconnected from all but the managed networks, and then all back-end connectivity will be firewalled. I was wondering if anyone had any experience of working in or deploying this environment and if so were the security benefits, i.e. not connected to the Internet, outweighed by the operational difficulties, e.g. no direct access to email etc. For example did a NOC start off as an air gap network and then migrate to a non air gap network due to issue of working with this model?
Any thoughts or comments would be appreciated.
Best regards
Malcolm
07-02-2008 10:34 AM
There has been a lot of writing on the Firewall-Digest and Firewall-Wizards mailing lists over the past months regarding SpearHead and AirGap. A lot of
it was confusion based on the name "AirGap" as it implies some sort of physical or electrical isolation or separation.
Technically, there are two PCs in there, a master and a slave. The slave is outside and the master is inside. The slave disassembles packets at a lower
layer for transmit over a shared bus to the master (and vice a versa). The packets are then reassembled and transmitted over the inside network.
There is little here. It does much, much less than a PIX. The web site offers no performance numbers at all (other than a claim of 25 to 30 mbps
throughput while doing content filtering).
07-04-2008 01:21 AM
Hi
Thanks for your reply, but in this context I am using the term "AirGap" to define physical seperation, i.e. the NOC network would not be connected the Internet or any networks connected to the Internet. This removal of connectivity is intended to eliminate the possibility of Internet based attacks. However, it does come with a down side, the increased process overhead for NOC staff.
Best regards
Malcolm
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: