Firewall Wizards mailing list archives
Re: Is this for real
From: Frederick M Avolio <fred () avolio com>
Date: Thu, 11 Nov 1999 22:25:00 -0500
On the other hand, you can't pass data without passing through some clever attacks as well. It's just the nature of the beast. So I don't think the "e-gap" greatly increases security assurance over what you get from a good application level firewall.
I'm all for firewalls, especially application gateways, but... there are at least two network interfaces and a logical path through the firewall, albeit turned off most of the time. (And, yes, I hope it is obvious that I can give all the arguments for installing a firewall and still do recommend them.) I think it does increase security assurance. Does for me, anyway. I'd love a device that provided a provable separation in the network... this for the same reason I (and many of us) argue for security devices that fail closed. I'd even say it could "greatly" increase assurance.
A big shortcoming I see is that, unlike a firewall, it's *not* a stand alone device. You need to install in in conjunction with *two* other computers, one each for the 'inside' and 'outside' networks. So you're tying up three pieces of equipment in order to connect your two networks together. A firewall only ties up that one box that hosts the firewall software.
Interesting... What you found to be an problem, I find an asset.
Also, the 'e-gap' system seems to rely on specially packaged hardware, and that's going to drive the selling price up while keeping the company's profit margins down.
Okay, so we've slipped from security arguments into a business one and now we're trying to determine if the company is viable or if we'd invest. :-)
It is not a replacement for a firewall but augments the use of firewalls and is arguable more secure than any type of firewall for some things. No, it doesn't stop all attacks. I appreciated reading Jonathan's notes, but I don't understand the purpose. His bottom line -- after all the possible attacks postulations -- was identical to what I wrote the other day: "It's something to play w/ and determine if the good outweighs the risks." (Though I don't see it adding any risks.)
Current thread:
- Re: Is this for real Mikael Olsson (Nov 10)
- Re: Is this for real Rick Smith (Nov 11)
- Re: Is this for real Frederick M Avolio (Nov 14)
- Re: Is this for real Saravana Ram (Nov 15)
- Re: Is this for real Joseph S D Yao (Nov 17)
- Re: Is this for real Frederick M Avolio (Nov 14)
- Re: Is this for real Rick Smith (Nov 11)
- Re: Is this for real Saravana Ram (Nov 14)
- <Possible follow-ups>
- Re: Is this for real Crispin Cowan (Nov 10)
- Re: Is this for real Joseph S D Yao (Nov 10)
- RE: Is this for real Bill Stout (Nov 15)
- RE: Is this for real Squire, Jonathan (Nov 15)