<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Take a look at a "data diode" that's
pretty much exactly what you are trying to achieve there.<br>
<br>
If your data rate were low enough (and for many I presume it would
be) you could dump the data over serial and physically break the
return line.<br>
<br>
<br>
<br>
On 06/03/17 00:52, Paul Wilkins wrote:<br>
</div>
<blockquote
cite="mid:CAMmROTJLtLRZZ2sEbhSV=pxiSthNGnGPD=n1bOtuU-OuciA7JA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>
<div>Eric,<br>
</div>
I see lots of options for securing the DR data, and defense
in depth is obviously all to the good. What I don't see is
an option for disabling reads on 1) the file systems, 2) the
media. There is no operational or otherwise justification
for this data to be online - ever - until you get a warrant.
It should be possible eg. in Selinux to disable read ioctls
so your data is encrypt, dump, and forget.<br>
<br>
</div>
Kind regards<br>
<br>
</div>
Paul Wilkins<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 5 March 2017 at 14:56, Mister Pink <span
dir="ltr"><<a moz-do-not-send="true"
href="mailto:misterpink@gmail.com" target="_blank">misterpink@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">
<div>Hi All,</div>
<div> </div>
<div>As part of un upcoming talk at AusCert in May
entitled 'Look Who's Talking', I am conducting some
research into the technical application of the data
retention legislation across the Industry in Australia.</div>
<div><br>
</div>
<div>Much has been said about the security issues
surrounding the retention of this data, most notably
that it is a potential 'Honey Pot' for hackers, so I am
interested to understand the level of security controls
that carriers have or are planning on deploying to
protect the resulting data.</div>
<div><br>
</div>
<div>If you have 10 minutes, I would really appreciate it
if you could fill in, or alternatively forward this
survey to the person within your organisation
responsible for your DR Solution, and in return I will
share my analysis with the respondents.</div>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="https://goo.gl/forms/FKmptlZ4g4ra4jOC2"
target="_blank">https://goo.gl/forms/<wbr>FKmptlZ4g4ra4jOC2</a><br>
</div>
<div><br>
</div>
<div>All responses will be in confidence.</div>
<div><br>
</div>
<div>Many thanks in advance</div>
<div><br>
</div>
<div><br>
</div>
<div>Eric Pinkerton</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank">http://lists.ausnog.net/<wbr>mailman/listinfo/ausnog</a><br>
<br>
</blockquote>
</div>
<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>