Local Area Networks (LANs) in Aircraft - FTP Directory Listing - FAA
8.3.5 Firewall.

The firewall needs to be configured as exclusively as possible. Because of the presence of passengers in the network in the figure 1 target, the HTTP overt channel vulnerability (see section 4.1 and appendix A.1) unfortunately cannot be fully mitigated, unlike the figure 3 target alternative. However, if aircraft design restricts pilot and crew communications such that they never use HTTP, then the firewall can be configured so that HTTP traffic (i.e., both Port 80 and Port 443) is filtered by the firewall whenever the packet's destination address is a nonpassenger device. Such a rule would provide aircraft devices helpful protection in figure 1 environments. Even if the pilot and crew were only permitted to use secure HTTP (i.e., Port 443), then at least the more dangerous Port 80 transmissions could be filtered. In any case, the firewall needs to be configured with the following considerations.

• All fingerprinting attempts (see appendix A.1) originating from outside of the aircraft to any entity within the aircraft will fail (except for those that occur through the HTTP overt channel for figure 1 environments).

• All communications to encapsulation gateways from outside of an airplane are blocked by the firewall unless they use IPsec's ESP. (Note: both the firewall and the encapsulation gateways themselves need to redundantly enforce this same rule for defense-in-depth reasons.)

• The firewall should also drop all packets originating from outside of the aircraft to IP destination addresses that are not deployed within the aircraft LAN. The firewall does not have visibility into VPNs since it only sees their encapsulating packet headers, which are solely addressed to encapsulation gateways.

It is desirable that an NIDS be associated with the firewall system if SWAP considerations permit and that the NIDS be configured to recognize attack footprints and to optionally send alerts to designated crew members or ground systems alerting them when certain types of attacks occur.
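The following policy model expresses the firewall considerations above as a packet-by-packet decision; it is an added illustration, not code from the report. The aircraft LAN prefix, the passenger subnet, the encapsulation gateway addresses and the premise that pilots and crew never use HTTP are constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing plan (an assumption, not from the report): the
# aircraft LAN, its passenger subnet, and the IPsec encapsulation gateways.
AIRCRAFT_LAN = ip_network("10.0.0.0/16")
PASSENGER_NET = ip_network("10.0.1.0/24")
ENCAP_GATEWAYS = {ip_address("10.0.0.10"), ip_address("10.0.0.11")}
HTTP_PORTS = {80, 443}          # "HTTP traffic" as the report defines it
TCP, ESP = 6, 50                # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    dport: int = 0
    from_outside: bool = False  # True if it arrived on the off-aircraft link


def firewall_decision(p: Packet) -> tuple[bool, str]:
    """Return (accepted, reason) for the figure 1 firewall policy, assuming
    pilots and crew never use HTTP so the HTTP-to-nonpassenger rule applies."""
    dst = ip_address(p.dst)
    if p.from_outside:
        # Outside traffic to addresses not deployed in the aircraft LAN is dropped.
        if dst not in AIRCRAFT_LAN:
            return False, "destination not deployed within aircraft LAN"
        # Encapsulation gateways accept nothing from outside except IPsec ESP.
        if dst in ENCAP_GATEWAYS:
            if p.proto == ESP:
                return True, "ESP to encapsulation gateway"
            return False, "non-ESP traffic to encapsulation gateway"
        # The HTTP overt channel to passengers cannot be closed in figure 1.
        if p.proto == TCP and p.dport in HTTP_PORTS and dst in PASSENGER_NET:
            return True, "HTTP overt channel to passenger device"
        # Everything else from outside is dropped, so fingerprinting fails.
        return False, "default deny for traffic from outside the aircraft"
    # Inside-originated traffic: HTTP to any nonpassenger device is filtered.
    if p.proto == TCP and p.dport in HTTP_PORTS and dst not in PASSENGER_NET:
        return False, "HTTP to nonpassenger device"
    return True, "permitted internal traffic"


if __name__ == "__main__":
    # Constructed sample packets, one per rule.
    for pkt in (Packet("203.0.113.5", "10.0.0.10", ESP, from_outside=True),
                Packet("203.0.113.5", "10.0.0.10", TCP, 22, from_outside=True),
                Packet("203.0.113.5", "10.0.1.20", TCP, 80, from_outside=True),
                Packet("10.0.1.20", "10.0.0.20", TCP, 443)):
        print(pkt.src, "->", pkt.dst, firewall_decision(pkt))
```

The NIDS the report recommends would sit alongside this decision point and alert on the dropped traffic rather than silently discarding it.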
8.3.6 The ASBR Router.

In forthcoming air-to-ground digital communications systems, such as an IP variant of the ATN, internal aircraft routing will need to be associated with routing elements outside of the airplane for air-to-air and air-to-ground communications to occur. The specific mechanisms by which this will occur will be an integral part of the communication system itself. Since this network system has not yet been defined at the time of this writing, this report will speak of this relationship as if it were to occur between AS. In such a system, the aircraft would use an ASBR within the aircraft to communicate to external networking elements.

The ASBR, which is not shown in figure 30, must be present on the airplane to provide BGP connectivity with the remote air and ground networks with which the airplane is communicating. The airplane's ASBR should be configured such that all packets that are sent with an ASBR's network interface as the IP destination address should be dropped unless they use IPsec in