At our place of work we have a policy that USB mass storage devices are not used to transfer data to and from the network that contains our IP. The justification for this is the following security control:
“Any media connected to a system with a higher sensitivity or classification than the media is reclassified to the higher sensitivity or classification, unless the media is read-only or the system has a mechanism through which read-only access can be ensured”
However, I noticed today that they were using DVD+R disks. I don’t believe that this is read-only material, but DVD-R is.
If data was written to the DVD on the corporate network from a compromised machine, and that DVD was then put into the protected network, is it feasible that data from the protected network could be written back onto that same DVD? I’m thinking yes – but I’m not sure, so I thought I’d ask here.
TL;DR: Is DVD+R a data diode, or do you need DVD-R?