Zero Net

A zero net is a mechanism that can be used in sensitive systems with high demands on data export control and security logging. An independent network is inserted between the exporting and receiving systems, where additional controls, audit logging or addressing can be performed. The zero net is protected with diodes, which makes it difficult to attack and allows it to be administered separately from the exporting and receiving networks.

See below for an example where a zero net is used for content inspection before an export is allowed.

The content inspection server performs the required checks to confirm that the export is permitted before letting it pass to the receiving system.

Relevant events can be logged, possibly to a SOC over another diode.

The content inspection can be done, entirely or partially, by commercial off-the-shelf (COTS) products.
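
The inspection and logging steps described above, as an added Python example that is not part of the original page. The policy checks (file-type prefixes, size limit, blocked markings), all class and function names, and the hash-chained sequence numbering of SOC events are assumptions; the chaining is there because a diode gives the SOC no return channel to acknowledge or re-request events.

```python
import hashlib
import json

# Assumed export policy, constructed for illustration (the page names no specific checks).
ALLOWED_MAGIC = (b"%PDF-", b"\x89PNG\r\n\x1a\n")
MAX_BYTES = 1_000_000
BLOCKED_MARKINGS = (b"SECRET", b"CONFIDENTIAL")

class InspectionGate:
    """Runs inside the zero net, between the inbound and outbound diodes."""
    def __init__(self):
        self.seq, self.prev = 0, "0" * 64
        self.soc_log = []    # stands in for the one-way link to the SOC
        self.released = []   # stands in for the diode toward the receiving system

    def _log(self, verdict, reason, digest):
        # Each event carries a sequence number and the hash of the previous
        # event, so the SOC can detect lost or reordered events on its own.
        self.seq += 1
        event = {"seq": self.seq, "prev": self.prev, "verdict": verdict,
                 "reason": reason, "sha256": digest}
        line = json.dumps(event, sort_keys=True)
        self.prev = hashlib.sha256(line.encode()).hexdigest()
        self.soc_log.append(line)

    def inspect(self, payload: bytes) -> bool:
        digest = hashlib.sha256(payload).hexdigest()
        if len(payload) > MAX_BYTES:
            reason = "too_large"
        elif not payload.startswith(ALLOWED_MAGIC):
            reason = "type_not_allowed"
        elif any(m in payload for m in BLOCKED_MARKINGS):
            reason = "blocked_marking"
        else:
            self.released.append(payload)
            self._log("release", "ok", digest)
            return True
        self._log("block", reason, digest)   # blocked exports never reach the receiver
        return False

def verify_chain(lines):
    """SOC side: True if sequence numbers are contiguous and every event
    links to the hash of its predecessor."""
    prev, seq = "0" * 64, 0
    for line in lines:
        ev = json.loads(line)
        seq += 1
        if ev["seq"] != seq or ev["prev"] != prev:
            return False
        prev = hashlib.sha256(line.encode()).hexdigest()
    return True
```
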