Firewall Wizards mailing list archives
Re: AirGap's... one way protection
From: "Jon Squire" <jsquirelists () eudoramail com>
Date: Wed, 18 Oct 2000 05:06:24 -0500
Most of the attention AirGap's (e-Gap) has been getting in the list is focused on wether they are different from an application proxy when used in a bidirectional modes. What does not seem to be addressed is the added benefit of using an e-Gap in a unidirectional mode and why this is different from a firewall. Whale Communications e-Gap can by physically locked (using a key) to allow only a one way transfer of data. This one way communication is implemented in hardware and cannot be changed by an attacker if he compromises the host computer. This gives us a safe failure state where we know no data can be transferred out (unless the attacker has physical access to the e-Gap device.) How many firewalls can absolutely guarantee that if they were taken over, the attacker won't be able to transfer data outbound... (well I suppose you could clip the RX pair on your ethernet cable on the inside interface, but this could pose some other problems.) Some examples of a use for the one way configuration of an e-Gap would be receiving confidential customer information (names, addresses, credit cards, etc.) You could pass the credit card information through an e-Gap in a one way fashion. By using this layer of protection, even if an attacker could mount a successful data stream attack they would disclose the information (such as the entire credit card database), they would not have a vector to transfer the information to the outside because the e-Gap would not allow the data to be transferred outbound. I think the ability to enforce unidirectional transactions in hardware is one of the main differences between Whale's e-Gap and a standard firewall. Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at http://www.eudoramail.com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: AirGap's... one way protection Jon Squire (Oct 18)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 19)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 20)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 20)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 23)
- Re: Re: AirGap's... one way protection Frederick M Avolio (Oct 19)
- Re: Re: AirGap's... one way protection Joe Nall (Oct 19)
- <Possible follow-ups>
- RE: Re: AirGap's... one way protection Harris, Tim (Oct 19)
- RE: Re: AirGap's... one way protection Frederick M Avolio (Oct 23)