by jtakkala 3502 days ago
Great idea. I always thought that it's essential to log events in realtime to a remote system that is secure and harder to compromise to modify the logs post-intrusion. Way back in the day it was suggested to do this to an entirely offline system by cutting the rx pins on a parallel cable, thereby only allowing the one-way transmission of logs to the log server. I don't know if anyone ever did that in practice though.

Anyways this invites the question, are you allowing your production servers to make outbound internet connections? Generally, I would proxy outbound connections and/or use internal mirrors and repos for the installation of software.

3 comments

> it was suggested to do this to an entirely offline system by cutting the rx pins on a parallel cable, thereby only allowing the one-way transmission of logs to the log server.

Sounds like overkill, but pretty cool I must say.

I contributed to this kind of development (it was still a prototype when I left) and AFAIR you can use some ethernet to optic fiber converters. Those devices will spit out (or ingest on the other side) one fiber for RX and one fiber for TX, so it makes the creation of the gap very easy. I don't exactly remember the device name though.
I think the term you are looking for is 'data diode' or uni-directional network link - https://en.wikipedia.org/wiki/Unidirectional_network
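The one-way log link discussed in this thread has a consequence the commenters do not spell out: across a data diode the collector can never ACK or ask for a retransmit, so the sender must number every record and the receiver must detect gaps on its own. Added example (not code from any commenter above): a fire-and-forget UDP forwarder plus receiver-side gap tracking; the collector address, host name and log lines are constructed placeholders.

```python
"""One-way (data-diode style) log forwarding over UDP with gap detection.

Added example; the collector address, sender host name and sample lines
are constructed placeholders, not values from the thread.
"""
import json
import socket

DIODE_TARGET = ("192.0.2.10", 5140)  # assumed collector behind the diode (placeholder)


def encode_record(seq: int, host: str, message: str) -> bytes:
    """Wrap one log line with a monotonically increasing per-host sequence number."""
    return json.dumps({"seq": seq, "host": host, "msg": message}).encode()


def decode_record(payload: bytes) -> dict:
    """Parse a record; raise ValueError on malformed input so the collector can count it."""
    rec = json.loads(payload.decode())
    if not isinstance(rec.get("seq"), int) or "msg" not in rec or "host" not in rec:
        raise ValueError("malformed record")
    return rec


class GapTracker:
    """Receiver-side bookkeeping: which sequence numbers never arrived per sender."""

    def __init__(self) -> None:
        self.expected: dict[str, int] = {}      # next seq expected from each host
        self.missing: dict[str, set[int]] = {}  # seqs skipped so far, per host

    def observe(self, rec: dict) -> set[int]:
        """Record one arrival; return the seqs still missing for that host."""
        host, seq = rec["host"], rec["seq"]
        nxt = self.expected.get(host, 0)
        lost = self.missing.setdefault(host, set())
        if seq >= nxt:
            lost.update(range(nxt, seq))   # everything skipped is (so far) lost
            self.expected[host] = seq + 1
        else:
            lost.discard(seq)              # a late or reordered datagram filled a hole
        return set(lost)


def send_records(lines, host="web01", target=DIODE_TARGET) -> int:
    """Fire-and-forget: UDP needs no return path, so it can cross a diode. Returns count sent."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = 0
    for seq, line in enumerate(lines):  # seq restarts at 0 per process; persist it in practice
        sock.sendto(encode_record(seq, host, line), target)
        sent += 1
    sock.close()
    return sent
```

On the collector, a non-empty set returned by `observe` is the signal that records were dropped on the link (or suppressed at the source) and cannot be recovered, which is exactly the trade-off the one-way design accepts.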