One physical network for the PAX and one for the A/c. No physical link between means that there is no electronic link between. It really is that simple.
Should any crew member need access to the PAX system, then they cross plug their terminal/PC into it. The PAX never need to go the other way.
After 27+ years in telecommunications, I can say that the only way to prevent any networking accident is to not have a network. If you have vital data, then do not provide network connectivity - irrespective of the firewalls in place. Simple. The FAA just need to state that there is no physical link on pain of death and they have proved that they understand the risk and have protected the pax. Job done.