Why not keep the "ThinAir" concept, and use an optically-isolated link?
A one-way connection: just like your floppies...

On Sun, 29 Nov 1998, Dianelos Georgoudis wrote:

:Date: Sun, 29 Nov 1998 22:20:29 -0600
:From: Dianelos Georgoudis <[EMAIL PROTECTED]>
:Subject: Is a serial cable as good as thin air?  
:    We are installing home banking systems where the Internet Server
:    is separated from the bank's computer center by air. Data is moved
:    periodically back and forth using low tech but dependable floppy
:    disks that carry only encrypted data (the principle of red/black
:    separation is implemented by loading only encrypted data on the
:    server). This "air-wall" is an effective way to stop hackers from
:    penetrating the bank's computer center using its Internet
:    services. This works quite well with services such as users'
:    credit-card queries.
:    Now, we have a potential client insisting on on-line transaction
:    capability. One possible solution is to connect the Internet
:    server with a PC on the bank's private network using a serial
:    cable. We would write our own transmission protocol. The PC
:    working on the bank's network would run a memory resident program
:    that services the serial port and will discard any blocks that do
:    not decrypt properly or have an invalid structure (only blocks
:    that decrypt into the correct data structure would be processed at
:    all). Here is the question: Is this as good as thin air? Can you
:    see any way a hacker could use such a connection to penetrate the
:    bank's network?
:Dianelos Georgoudis

J.A. Terranson

If the Government wants us to behave,  
they should set a better example!

Reply via email to