Fri Apr 8 06:51:39 PDT 2016

Zones: Zone separation verification: How is zone separation verified?


Option 1: Use passive out-of-line zone separation sensors for verification.
Option 2: Use passive inline zone separation sensors and actuators for verification.
Option 3: Use endpoint detection and correlation to passively sense zone separation failures.
Option 4: Do not passively sense zone separation failures.
Option A: Do not actively test zone separations.
Option B: Use test vectors in conjunction with zone separation verification sensors.
Option C: Do penetration testing to verify zone separation.


IF zones are the primary protective mechanism used to gain economies of scale in protection, AND availability is more important than preventing any zone separation failure, THEN use out-of-line passive zone separation verification.
OTHERWISE IF zones are the primary protective mechanism used to gain economies of scale in protection, THEN use inline passive zone separation verification,
OTHERWISE IF endpoints have sensors that can verify zone separation to some extent and correlation of endpoint sensors is available or will be acquired for this purpose, THEN use endpoint-based passive zone separation verification,
OTHERWISE do not use passive zone separation verification.
IF sensors are being used for independent separation verification AND the surety or timeliness associated with that detection is inadequate to the risk levels involved, THEN test vectors should be generated to test the zone separation mechanisms.
OTHERWISE IF the surety or timeliness associated with that detection is inadequate to the risk levels involved, THEN penetration testing should be used to verify zone separation mechanisms.
OTHERWISE additional testing of zone separation should not be undertaken.



Passive zone separation verification is the use of sensors to passively verify that zone separation is properly operating. Without some way to detect separation failures, accidental and intentional failures and bypasses will simply continue to operate indefinitely. This is sometimes identified as,and is similar to intrusion prevention, but it is oriented toward enforcement of zone policies rather than known attack or leakage detection or prevention. This is also used to verify chain of custody and provide transparency associated with assurances of proper operation.

Inline passive verification and mitigation: Inline passive verification is an inline sensor that detects bypass of zone separation mechanisms and interrupts content flows when zone bypass is detected.

Out-of-line passive verification: Out-of-line passive verification is used to detect separation bypass and report it so that mitigation can be handled through the normal operational process rather than through automated response. It tends to be used where availability is more critical than other protective requirements.

Use endpoint detection: In this approach, endpoint sensors are correlated to detect separation failures. This is problematic because these sensors tend not to detect these sorts of policy violations, they are subject to direct attack, they require explicit correlation and analysis, and they tend to see only select zone traffic.


Testing zone separation is key to achieving assurance that zones are working properly. In addition to using zone separation verification through sensors, additional testing can and should be undertaken to induce signals on each size of the zone separation mechanism that, in conjunction with the sensors used to verify separation, actively shows that the separation is properly operating and detects failures in earlier than would otherwise be likely.

Test vector generation: This approach creates test vectors intended to demonstrate that separation mechanisms are not properly operating. It uses zone separation verification sensors to determine which test vectors pass the separation mechanism and which do not in order to systematically verify that separation is working properly.

Penetration testing: This method uses automated and expert testers to attempt to identify and exploit systems and vulnerabilities in systems within zones from other zones in order to verify that the zone separation is working properly.

Copyright(c) Fred Cohen, 1988-2015 - All Rights Reserved