Firewall Wizards mailing list archives

RE: Re: AirGap's... one way protection


From: Frederick M Avolio <fred () avolio com>
Date: Fri, 20 Oct 2000 18:02:30 -0400

At 01:08 PM 10/20/00 -0700, Harris, Tim wrote:
> Then I'm just missing the point of eGap.  To further your analogy, consider
> the little cash drawer at a self serve gasoline station.  You have a little
> slot you put the money into.  The person inside pulls the drawer in, removes
> the money (or whatever), places your change into the drawer and then moves
> the drawer out where you remove your change/receipt.
>
> This stops you from physically threatening the person inside with a gun or
> club but it doesn't in any way affect your ability to put counterfeit money
> or bad credit cards in the drawer.

Yes yes yes! You've got it. It doesn't do EVERYTHING. Like an application gateway firewall needs virus scanning, and virus scanning on your MS desktops, too, and good sound education and practice, etc.

It strips IP header information and otherwise makes it exceedingly difficult to launch certain classes of attacks from a compromised web server (for one example). A true air gap would limit the accessibility of the back office or production net, while still supporting application transactions.




> You mention a "toggling memory device".  This sounds like nothing more than
> the old half-duplex modem technology.  You still have to send data and get a
> confirmation that it was received correctly.  This sounds as if it might
> really do nothing more than slow down the transfer which I would think is a
> "Bad Thing".
>
> Maybe you can control the mechanism for transferring the information, but
> unless you examine the data being moved, and validate it somehow, what you
> have is of value to a very small niche.  I don't see it as being anything
> needed/required/wanted by most people.
>
> Now, if you are doing a protocol switch or changing the context of the data
> somehow...
>
> Tim


Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

