Firewall Wizards mailing list archives
re: Air Gap technology
From: <rreiner () fscinternet com>
Date: Fri, 29 Sep 2000 16:06:15 -0400
Having recently had the opportunity to work directly with one of the Air Gap products (the eGap from Whale Communications), I've followed this thread with interest. Surprisingly, many people seem to have missed one of the major factors which make Air Gap products such as the eGap interesting and useful. First, however, it's important to note that those who say that there is no hard high-level functional difference between what the eGap does, and what an ordinary application proxy does, are quite correct. Both a traditional application proxy and an air gap product provide access controls; both block all L2 and L3 traffic; both selectively move upper-layer traffic across a trust boundary by non-L3 means (in a traditional application proxy this is selective buffer-copying; in an air gap, specialized hardware is involved). [But see Note* below, because even though there isn't a high-level theoretical difference at this level, the actual functionality is quite different.] However, as they say, "security is not a functional concept". Meaning that security is equally about isolation or compartmentalization (which is achieved through authentication, authorization, content controls, and much related functionality) and about assurance or trust that the isolation functions are robust and correct (which is not about functionality at all). The point is that any traditional application proxy firewall, architected as software running atop a general-purpose operating system, has failure modes in which L2 or L3 isolation fails and the device passes L2 or L3 traffic, effectively becoming a bridge or a router -- the software can have a bug, the administrator can make a mistake, or the device can be subverted through a buffer overflow, format-string overflow, etc. Technologies such as Whale's eGap don't have this easily-reachable failure mode. If there actually is a failure mode in which the eGap device is so compromised that it begins to operate as a bridge or router -- quite unlikely, since it would require some pretty fancy footwork to pass Ethernet frames or IP datagrams over a solid state SCSI disk -- any such is certainly in a much more remote region of the total state space of the device than the analogous failure is in the state space of a conventional application proxy firewall. That's not a difference in functionality, it's a difference in the level of assurance available that the functionality will robustly continue to be what is desired and expected, under a wide range of conditions. In short, a well-designed air gap device can provide higher assurance than is possible with an application proxy implemented in software on a general-purpose computer running a general-purpose OS. Richard Note* - A less theoretical, but equally real, benefit of the eGap device is in the level of validation which the device is capable of applying to application data. The granularity is extremely high -- to the point of applying controls to the length or contents of responses to HTML forms (i.e. HTTP POST bodies), or to URLs, or to HTTP query strings, etc. This is a level of granularity which to my knowledge is not equally by any conventional application proxy. This functionality COULD be duplicated by a conventional application proxy (although it hasn't been). But such a proxy would still not have the enhanced assurance characteristics of the eGap device. -- . . Richard Reiner, Ph.D. . FSC Internet Corp. / SecureXpert Labs . The FSC Building, 188 Davenport Rd., . Toronto, Ontario, Canada M5R 1J2 . +1 416 921 4280, Fax +1 416 966 2451 . rreiner () fscinternet com, rreiner () securexpert com . www.fscinternet.com, www.securexpert.com _______________________________________________ Firewall-wizards mailing list Firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- re: Air Gap technology rreiner (Oct 01)
- Re: Air Gap technology Rick Smith (Oct 03)
- IBM MQ security David Lang (Oct 04)
- Re: IBM MQ security Magosányi Árpád (Oct 04)
- Message not available
- Re: IBM MQ security Marcus J. Ranum (Oct 04)
- Re: IBM MQ security John McBrearty (Oct 09)
- IBM MQ security David Lang (Oct 04)
- Re: Air Gap technology Rick Smith (Oct 03)