Re: Effectiveness of Severing Network Connection to Protect a Computer From Attack

From: Alun Jones [MS MVP] (alun_at_texis.com)
Date: 06/16/03 

Date: Sun, 15 Jun 2003 22:25:07 GMT

In article <evLgf52MDHA.2256@TK2MSFTNGP11.phx.gbl>, "Dave Patrick"
<mail@Nospam.DSPatrick.com> wrote:
>Yes, just as good.

IMHO, that's a tad misleading. If you unplug all network cables to a
machine, you've created a physical "air gap". If you merely click
"disconnect" on each network connection in the control panel, you've created
a _virtual_ air gap. You've told the software to act as if the cable has
been disconnected.

The difference occurs in the (admittedly unlikely) scenario that an attacker
has already got some code to run on your machine _and_ believes that you
might try to disconnect the network connections in the control panel.

After all, any action that can take place through software under the user's
control may be subverted to take place (or be reversed) through an
attacker's control. Hence, with hostile code running on your machine, an
attacker _could_ have that hostile code continually check that the network
connection is up, and reconnect it when it gets disconnected. Obviously,
the attacker can't do that if you physically unplug the cables.

In practice, of course, you're likely to stop the attacker from sending code
your way if you tell the machine to disconnect in software - but it's not
exactly as good as unplugging all network cabling. Someone could, in
theory, with ideal conditions and a prevailing wind, subvert that and
prevent or reverse such an action. Physical disconnection is more final,
more secure.

Alun.
~~~~
[I don't even want to get into what you would do if you have a wireless
card!]

Relevant Pages

  • RE: Ndis.sys missing during dualboot install
    ... Unplug or USB sotrage devices and disconnect from the network (unplug the ... I am trying to install Vista in another partition of my harddrive but every ...
    (microsoft.public.windows.vista.installation_setup)
  • Re: Rainbow Six Vegas 2 (PS3) plagued by online problems
    ... I believe with the Sony network that publishers are able to offer ... don't have wireless networks in their homes. ... having loose cables all over the place (as is the case in my house ...
    (alt.games.video.xbox)
  • Re: Digital Upgrade
    ... I was always suspicious of alleged 'Network' faults that only affected one customer - usually with good reason! ... This particular CATV network used the Switched Star sysyem which HMG wanted to be used by all cable operators in the UK; the period of early licences was about 50% longer for Switched Star than for Broadband systems. ... I found myself looking at a chop bone wedged in the top of the duct and two drop cables stripped bare for about 15 - 20 cm. ... There was even enough coupling of control signals back to the switch to randomly allow each STB to change channels on both subs line cards at the same time! ...
    (uk.tech.digital-tv)
  • Re: [OT] Anyone have shares in an ISP?
    ... One of the reasons that the UK has a much better mobile phone ... installation of a damned fine network or two. ... The early days of mass cellphone adoption in the UK is what I meant - ... builders put cables in for cable TV *before* colour telly came in? ...
    (uk.comp.sys.mac)
  • Re: HELP... cant get it connected to my router for internet etc..
    ... DHCP Clients). ... If replacing the cables doesn't work.. ... or a busted network card on the computer. ... This indicates that the DHCP server in your router is working. ...
    (microsoft.public.windows.mediacenter)