Bridging the Air Gap: Cross Domain Solutions

BSidesLV 2014

Presented by: Patrick Orzechowski
Date: Tuesday August 05, 2014
Time: 16:55 - 17:25
Location: Proving Ground

For years the government has been using CDS to bridge networks with different classification levels. This talk will focus on what CDS systems are, how they’re built, and what kind of configurations are common in the wild. Furthermore, we’ll look at testing techniques to evaluate the security of these systems and potential ways to exploit holes in configuration and design. We’ll also look at the ways the commercial world might benefit from a data and type-driven firewall as well as some of the downfalls and negative aspects of implementing a cross-domain system.

Patrick Orzechowski

Shifty is a veteran of over a decade in the infosec industry, some computer science schooling, dozens of conferences, and multiple brain-arcings. His particular area of interest is data-driven security, whether it’s mining actionable intel from mountains of metadata or protecting systems from unwanted activity. He spent a significant amount of time certifying and penetration testing Cross Domain Solutions for the government with varying degrees of success.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats