Bridging the Air Gap: Cross Domain Solutions

Presented at BSidesLV 2014, Aug. 5, 2014, 4:55 p.m. (30 minutes)

For years the government has been using CDS to bridge networks with different classification levels. This talk will focus on what CDS systems are, how they're built, and what kind of configurations are common in the wild. Furthermore, we'll look at testing techniques to evaluate the security of these systems and potential ways to exploit holes in configuration and design. We'll also look at the ways the commercial world might benefit from a data and type-driven firewall as well as some of the downfalls and negative aspects of implementing a cross-domain system.

Presenters:

• Patrick Orzechowski
  Shifty is a veteran of over a decade in the infosec industry, some computer science schooling, dozens of conferences, and multiple brain-arcings. His particular area of interest is data-driven security, whether it's mining actionable intel from mountains of metadata or protecting systems from unwanted activity. He spent a significant amount of time certifying and penetration testing Cross Domain Solutions for the government with varying degrees of success.

Links:

• https://bsideslv2014.sched.com/event/1oNLp3S/bridging-the-air-gap-cross-domain-solutions
• https://infocon.org/cons/Security BSides/BSides Las Vegas/BSides Las Vegas 2014/bridging the air gap cross domain solutions patrick orzechowski.mp4

Similar Presentations:

• May Contain Hackers (MCH2022) / Running a Domain Registrar for Fun and (some) Profit
• DEF CON 18 (2010) / Deceiving the Heavens to Cross the Sea: Using the the 36 stratagems for Social Engineering