>> Oh, quite the contrary.  It just forces the attacker to get clever.
> 
> If your server only sends data through an "outgoing data diode", then it
> does not expose any entry point (you just disable all services: no SSH,
> no ping, no HTTP... nothing). There is no way you can establish a
> connection to the server. How can you hack a server if you have
> absolutely no way to access it from the outside? It seems just impossible.

The data diode is a one-way link, yes.  But there are so many ways to
gain access to machines that putting too much faith in a data diode to
protect your systems is deeply foolish.  A data diode can make *one
particular link* a one-way data link.  That's genuinely useful in the
context of a complete security solution that looks holistically at the
threat.

But no, they don't make a system unhackable.

Lateral movement through networks is a thing.  Look into it.  :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
