Firewall Wizards mailing list archives
Re: Air Gaps vs. Firewalls
From: "Talisker" <Talisker () networkintrusion co uk>
Date: Fri, 20 Oct 2000 20:44:52 +0100
Hi all,

I've joined this thread late, therefore I apologise if my concerns have been addressed.

1. The purpose of an airgap is to control traffic. In the traditional method of a human moving the data from one machine to another, he/she would scan the disks for malicious content before inserting the data in the target. Furthermore, data can move from, say, unclassified to classified but not vice versa. What's the benefit of the e-gap store and forward method if all the data is moved both ways without any checking?

When it goes unidirectional, how are acknowledgements passed, or is all data sent fire and forget from source to target?

As the unit comprises in part of "a switch - which is based on analog switches" and it incorporates a short circuit alarm, is there a higher risk of failure?

The product looks pretty good, but the techie in me is saying how and the security dude in me is saying what if.

Andy
http://www.networkintrusion.co.uk
Talisker's comprehensive IDS & Scanner List

          '''
         (0 0)
 ----oOO----(_)----------
 |    The geek shall    |
 |   Inherit the earth  |
 -----------------oOO----
        |__|__|
         || ||
        ooO Ooo

The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer.

----- Original Message -----
From: "Avi Nagar" <avi () adm co il>
To: <firewall-wizards () nfr net>
Sent: Thursday, October 12, 2000 7:38 AM
Subject: [fw-wiz] Air Gaps vs. Firewalls
There ought to be a genuine physical "gap" somewhere instead of just electron flux in a bunch of switching transistors. But I'm just old fashioned, or a technical nit picker, or paranoid, or something.

Just very naive to think something like that could be done without any electrical connection and still be for online transactions. Really, wouldn't it be perfect if firewalls and even Sidewinder had no fault states or backdoors? Combining "air-gap" technology with products such as eGap and a good firewall solution does provide a better secured practical env. for e-business systems that must not put all balls in one basket (firewall), plus the increasing security of internal db and applications from outside penetration.

Now, the proprietor might be worried about 'security' and tolerate some 'least privilege' to get it. But it's never a goal in itself, except for technically oriented security people.

Aiming such a product to every small office web application you may have a point, but this is hardly the case on large and complex e-business applications.

Disclosure: I work for a security integration company and we found eGap a good complementary solution for physical separation along with an adjustable and easy to use content restriction tool.

Avi Nagar

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards