Firewall Wizards mailing list archives
Re: More Air Gap marketing hype
From: Roger Marquis <marquis () roble com>
Date: Mon, 2 Oct 2000 19:07:15 -0700 (PDT)
Richard Reiner, Ph.D <rreiner () fscinternet com> wrote:
> The point is that any traditional application proxy firewall, architected as software running atop a general-purpose operating system, has failure modes in which L2 or L3 isolation fails and the device passes L2 or L3 traffic, effectively becoming a bridge or a router

Neither, by the same token, is a well configured Unix firewall at risk of becoming a bridge or router. This is a red herring. There are also many firewalls based on closed or otherwise non-general-purpose operating systems. This is another red herring.

> That's not a difference in functionality, it's a difference in the level of assurance available that the functionality

Not really, not at least when you compare apples with apples. I can build a FreeBSD-based, one-way, ftp-only firewall that's at least as secure and probably more robust than the eGap or any other firewall being mislabeled as "air-gap".

> In short, a well-designed air gap device can provide higher assurance than is possible with an application proxy implemented in software on a general-purpose computer running a general-purpose OS.

Sure, but then apples never claimed to be more robust than oranges. IMHO

--
Roger Marquis
Roble Systems Consulting
http://www.roble.com/