RE: Air Gaps vs. Firewalls

["Mike Bobbitt" <Mike.Bobbitt () nortelnetworks com>]

My point was not for eGaps specifically, but it is a "checkmark" for using
air gaps in general. The more of your defences you have that are based on
differing technology, the more someone has to know and get through to breach
your network.

Pretty basic, and using a gap with a firewall is safer than a gap alone or a
firewall alone. I'm a firm believer in diversity, it makes it hard for a
"one product know it all" to slice into your perimeter...

> -----Original Message-----
> From: Mikael Olsson [mailto:mikael.olsson () enternet se]
> Sent: Sunday, October 1, 2000 10:20
> To: Mike Bobbitt
> Cc: firewall-wizards () nfr net
> Subject: Re: [fw-wiz] Air Gaps vs. Firewalls
>
>
>
> Mike Bobbitt wrote:
> > Whether or not you believe an Air Gap is a Firewall variant, 
> > I'm sure security professionals will agree that defence in 
> > depth is an excellent theory to design by. 
>
> Meep, sorry, that wasn't an argument for eGaps, that
> was an argument for defence in depth. No points for that one.
>
> No, seriously. A lot has been said about the "unparalleled
> granularity" of these boxes. To those of you who argue
> for its benefits, I feel I'll have to ask "just how
> granular is it?". Will the URL shuttle, for instance, 
> protect me against the mistakes of the average 
> ASP/perl/php consultant, who fails to scrub queries 
> passed to database engines? Without me having to work
> just as hard with the application layer filters as the
> consultant had to do to get those scripts working
> in the first place?