Tue Mar 10 20:41:42 PDT 2015

Zones: Zone separation verification: How is zone separation verified?


Option 1: Use passive out-of-line zone separation sensors for verification.
Option 2: Use passive inline zone separation sensors and actuators for verification.
Option 3: Use endpoint detection and correlation to passively sense zone separation failures.
Option 4: Do not passively sense zone separation failures.
Option A: Do not actively test zone separations.
Option B: Use test vectors in conjunction with zone separation verification sensors.
Option C: Do penetration testing to verify zone separation.



Passive zone separation verification is the use of sensors to passively verify that zone separation is operating properly. Without some way to detect separation failures, accidental and intentional failures and bypasses simply continue to operate indefinitely. This is sometimes identified with, and is similar to, intrusion prevention, but it is oriented toward enforcement of zone policies rather than detection or prevention of known attacks or leakage. It is also used to verify chain of custody and to provide the transparency associated with assurances of proper operation.

Inline passive verification and mitigation: Inline passive verification uses an inline sensor that detects bypass of zone separation mechanisms and an actuator that interrupts content flows when zone bypass is detected.

Out-of-line passive verification: Out-of-line passive verification is used to detect separation bypass and report it so that mitigation can be handled through the normal operational process rather than through automated response. It tends to be used where availability is more critical than other protective requirements.

Use endpoint detection: In this approach, observations from endpoint sensors are correlated to detect separation failures. This is problematic because such sensors tend not to detect these sorts of policy violations, they are subject to direct attack, they require explicit correlation and analysis, and each sees only the zone traffic that reaches its own endpoint.


Testing zone separation is key to achieving assurance that zones are working properly. In addition to verifying zone separation through sensors, additional testing can and should be undertaken to induce signals on each side of the zone separation mechanism that, in conjunction with the sensors used to verify separation, actively show that the separation is operating properly and detect failures earlier than would otherwise be likely.

Test vector generation: This approach creates test vectors that would reveal separation mechanisms that are not operating properly. It uses zone separation verification sensors to determine which test vectors pass the separation mechanism and which do not, and compares the result against the zone policy in order to systematically verify that separation is working properly.
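The following is an added example, not code from the original page or from its author, illustrating both the passive sensing described above (inline and out-of-line) and test vector generation. The zone map, zone policy, firewall rules, probe ports and flow records are all constructed for the example; the firewall rule list deliberately contains one overly broad exception so that both the passive sensor and the test vectors have a separation failure to find.

```python
# Added example: zone-separation verification with a passive flow sensor
# and active test vectors. Zone map, policy, firewall rules and flow
# records are constructed for this example; they are not from any real network.
from ipaddress import ip_address, ip_network
from itertools import product

# Zone map: the most specific prefix wins, so "control" is carved out of "internal".
ZONES = {
    "internet": ip_network("0.0.0.0/0"),
    "dmz": ip_network("192.0.2.0/24"),
    "internal": ip_network("10.0.0.0/8"),
    "control": ip_network("10.200.0.0/16"),
}

# Zone policy: the only cross-zone flows the design permits, as
# (source zone, destination zone, protocol, destination port).
POLICY = {
    ("internet", "dmz", "tcp", 443),
    ("dmz", "internal", "tcp", 5432),
    ("internal", "internet", "tcp", 443),
    ("internal", "control", "tcp", 22),
}

def zone_of(ip):
    """Return the most specific zone containing ip."""
    addr = ip_address(ip)
    best = None
    for name, net in ZONES.items():
        if addr in net and (best is None or net.prefixlen > ZONES[best].prefixlen):
            best = name
    return best

def policy_allows(src_zone, dst_zone, proto, port):
    """Intra-zone traffic is out of scope; cross-zone flows must be in POLICY."""
    return src_zone == dst_zone or (src_zone, dst_zone, proto, port) in POLICY

# --- Passive sensors: evaluate observed flows against the zone policy. ---
def find_violations(flow_records):
    """Out-of-line sensor: parse 'src dst proto dport' records and report the
    flows that crossed a zone boundary the policy does not permit."""
    violations = []
    for rec in flow_records:
        src, dst, proto, port = rec.split()
        sz, dz = zone_of(src), zone_of(dst)
        if not policy_allows(sz, dz, proto, int(port)):
            violations.append((sz, dz, proto, int(port), src, dst))
    return violations

def inline_decision(src, dst, proto, port):
    """Inline sensor plus actuator: forward only policy-conformant flows."""
    return "forward" if policy_allows(zone_of(src), zone_of(dst), proto, port) else "drop"

# --- Simulated separation mechanism with a deliberate misconfiguration. ---
# Constructed firewall rules, first match wins, default deny. The last rule is
# the kind of "temporary" exception that test vectors exist to catch.
FIREWALL_RULES = [
    ("internet", "dmz", "tcp", 443, "allow"),
    ("dmz", "internal", "tcp", 5432, "allow"),
    ("internal", "internet", "tcp", 443, "allow"),
    ("internal", "control", "tcp", 22, "allow"),
    ("internet", "internal", "tcp", 22, "allow"),  # misconfiguration
]

def mechanism_passes(src_zone, dst_zone, proto, port):
    """Does the (simulated) separation mechanism let this flow through?"""
    if src_zone == dst_zone:
        return True
    for rs, rd, rp, rport, action in FIREWALL_RULES:
        if (rs, rd, rp, rport) == (src_zone, dst_zone, proto, port):
            return action == "allow"
    return False

# --- Active test vectors: probe every zone pair and port, compare with policy. ---
PROBE_PORTS = [22, 443, 5432, 8080]

def generate_test_vectors(ports=PROBE_PORTS):
    zones = list(ZONES)
    return [(s, d, "tcp", p) for s, d, p in product(zones, zones, ports) if s != d]

def run_test_vectors(vectors=None, passes=mechanism_passes):
    """Inject each vector and let the sensor classify the outcome.
    'leak' = crossed although policy forbids it (separation failure);
    'blocked' = policy permits it but the mechanism dropped it."""
    if vectors is None:
        vectors = generate_test_vectors()
    results = {"leak": [], "blocked": []}
    for vec in vectors:
        observed = passes(*vec)          # what the verification sensor sees
        expected = policy_allows(*vec)   # what the zone policy says
        if observed and not expected:
            results["leak"].append(vec)
        elif expected and not observed:
            results["blocked"].append(vec)
    return results

if __name__ == "__main__":
    FLOWS = [  # constructed flow records: src dst proto dport
        "203.0.113.5 192.0.2.10 tcp 443",
        "192.0.2.10 10.1.2.3 tcp 5432",
        "203.0.113.9 10.1.2.3 tcp 22",     # internet -> internal: a leak
        "10.1.2.3 10.200.0.7 tcp 22",
        "192.0.2.10 10.200.0.7 tcp 22",    # dmz -> control: not permitted
    ]
    for v in find_violations(FLOWS):
        print("violation:", v)
    r = run_test_vectors()
    print("leaks:", r["leak"])
    print("blocked:", r["blocked"])
```

The passive sensor only ever sees flows that actually occurred, so the misconfigured rule stays invisible until something uses it; the test vectors exercise every zone pair on every probe port and therefore surface the same hole immediately, and also report the opposite failure (a permitted flow the mechanism wrongly drops), which is what an availability-focused operator wants to know before users do.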

Penetration testing: This method uses automated and expert testers to attempt to identify and exploit systems and vulnerabilities in systems within zones from other zones in order to verify that the zone separation is working properly.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved