Firewall Wizards mailing list archives

Re: Air Gaps vs. Firewalls


From: "Talisker" <Talisker () networkintrusion co uk>
Date: Fri, 20 Oct 2000 20:44:52 +0100

Hi all

I've joined this thread late, therefore I apologise if my concerns have been
addressed.

1. The purpose of an airgap is to control traffic; in the traditional
method of a human moving the data from one machine to another, he/she would
scan the disks for malicious content before inserting the data in the
target. Furthermore, data can move from, say, unclassified to classified but
not vice versa.

What's the benefit of the e-gap store and forward method if all the data is
moved both ways without any checking?

When it goes unidirectional, how are acknowledgements passed, or is all data
sent fire and forget from source to target?

As the unit comprises in part of "a switch - which is based on analog
switches" and it incorporates a short circuit alarm, is there a higher risk
of failure?

The product looks pretty good, but the techie in me is saying how and the
security dude in me is saying what if.

Andy
http://www.networkintrusion.co.uk Talisker's comprehensive IDS & Scanner
List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "Avi Nagar" <avi () adm co il>
To: <firewall-wizards () nfr net>
Sent: Thursday, October 12, 2000 7:38 AM
Subject: [fw-wiz] Air Gaps vs. Firewalls


There ought to be a genuine physical "gap" somewhere instead of just
electron flux in a bunch of switching transistors. But I'm just old
fashioned, or a technical nit picker, or paranoid, or something.

Just very naive to think something like that could be done without any
electrical connection and still be for online transactions.

Really wouldn't it be perfect if firewalls and even Sidewinder had no
fault states or backdoors?

Combining "air-gap" technology with products such as eGap and a good
firewall solution does provide a better secured practical env. for
e-business systems that must not put all balls in one basket (firewall),
plus the increasing security of internal db and applications from
outside penetration.

Now, the proprietor might be worried about 'security' and tolerate some
'least privilege' to get it. But it's never a goal in itself, except for
technically oriented security people.

Aiming such a product to every small office web application you may have
a point, but this is hardly the case on large and complex e-business
applications.

Disclosure: I work for a security integration company and we found eGap a
good complementary solution for physical separation along with an
adjustable and easy to use content restriction tool.

Avi Nagar




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards


