Employees (unknowingly(?)) using infected USB drives caused security problems.
Well imagine that.
As several others pointed out the USB ports on the secure serfver should all be
fullly disabled
In addition I would suggest leaving one rewired seemingly availble USB port
that will cause a giant alarm to blare if someone inserted anything into it.
Further all informatin being somehow fed into the secure machines should be
based on simple text based files with no binary components.
To be read by a bastion host with a drive and driver that will only read those specific
files, that it is able to parse succefully and write it out to the destination
target, that I would suggest be an optical worm device that can then be
used to feed the airgapped system.
Employees (unknowingly(?)) using infected USB drives caused security problems. Well imagine that.
As several others pointed out the USB ports on the secure serfver should all be fullly disabled
In addition I would suggest leaving one rewired seemingly availble USB port that will cause a giant alarm to blare if someone inserted anything into it.
Further all informatin being somehow fed into the secure machines should be based on simple text based files with no binary components. To be read by a bastion host with a drive and driver that will only read those specific files, that it is able to parse succefully and write it out to the destination target, that I would suggest be an optical worm device that can then be used to feed the airgapped system.