On 7/10/24 10:58, Phillip Hallam-Baker wrote:
In theory, networks can be virtualized. In practice, virtual networks are much harder to audit. So even though I have SDN in the home, I also have separate red and black networks for work and an air gapped yellow network for quarantine. It is really easy to see that the yellow network is still air gapped.
And when we get to corporate networking, it is very much the same. Every customer I have ever had has always wanted a model in which their network is separated from the Internet by a moat with clearly defined physical and logical access points.
People can assert that model is wrong but that is the model that the customers chose long ago and the burden of proof is on those trying to change it.
If your problem is small enough that you can use air gaps
effectively, and tightly restrict physical communications paths,
you should by all means do so. They're certainly useful, but IMO
of limited applicability.
(And air gaps are getting more difficult than ever to use in practice unless you have the luxury of tightly specifying the hardware used. Disallow WiFi hardware, Bluetooth hardware, USB controllers, maybe some other things.)
I mostly agree with you on the remainder of your message, though
I think trying to shoehorn everything into HTTP is about as bad as
trying to reuse FTP.
Keith
