Firewall Wizards mailing list archives

Re: Re: AirGap's... one way protection


From: Frederick M Avolio <fred () avolio com>
Date: Fri, 20 Oct 2000 17:54:59 -0400

This is not directly in response to what Joe Nall wrote, though I am using his posting as a jump off point for an observation (at the risk of being called a dinosaur again (or was that on the other list?)).

I imagine we had such discussions when the only security firewalls were packet filters and circuit gateways and application gateways came on the scene. You know? Discussions about all the things that won't work using application gateways. Discussions about all the things that application gateways would still allow through (content-based attacks of any kind).

Simply put, a true air gap -- and some products that use the term are probably not -- severs the host connection between two networks. A dual-homed host is a connection, an avenue of threat that may or may not be exploited. Even with IP forwarding turned off. (If it really is turned off... remember that NT bug? And how about hybrid firewalls that have filters as well as application gateways?) Two computers that are never connected one to another except by a memory device that is only ever connected to one or the other sounds pretty good. Is it overkill? Depends what your security policy says. Is it the same as an application gateway firewall? Only as much as an application gateway firewall is the same as a filtering router.

Fred
Avolio Consulting, Inc.
16228 Frederick Road, PO Box 609, Lisbon, MD 21765, US
+1 410-309-6910 (voice) +1 410-309-6911 (fax)
http://www.avolio.com/


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

