Firewall Wizards mailing list archives
Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd)
From: Steve Bellovin <smb () research att com>
Date: Fri, 23 Oct 1998 12:59:38 -0400
In message <3.0.5.32.19981019090959.0099f100 () cchest mitretek org>, Rick Murphy writes:
At 01:39 PM 10/16/98 +0400, ark () eltex ru wrote:what the hell is that thing if _not_ firewall?? Does anybody know?It's not a firewall; it's a unidirectional data transfer device. It's intended to be put between classified and unclassified networks so that information can flow up toward the classified network but nothing can leak back down. Vision Abell have built an x-windows proxy capability using this box. Writing proxies is difficult because you can't get any feeback (acknowledgements, for example) from the classified side back to the unclassified side because you have a write-only link. Your proxy has to mimic the behavior of the classified side and can't tell if the classified side is even listening.
Right. It's important to understand the threat model that that sort of device is intended to counter: an enemy program (possibly a Trojan horse) that is reading classified files on the inside, and attempting to export them via surreptitious means, such as modulating ACK timings, etc.
Current thread:
- [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) ark (Oct 16)
- Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) John Nicholson (Oct 19)
- Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Christopher Nicholls (Oct 19)
- Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Technical Incursion Countermeasures (Oct 23)
- Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Rick Murphy (Oct 23)
- <Possible follow-ups>
- RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Peter Mayne (Oct 19)
- RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Paul McNabb (Oct 23)
- Re: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Steve Bellovin (Oct 27)
- RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Paul McNabb (Oct 28)
- RE: [ISN] New Defence Computer Keeps Hackers Out and Secret (fwd) Jeremy Epstein (Oct 28)