Firewall Wizards mailing list archives

Re: Air Gap vs. firewall

From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 22 Sep 2000 20:11:02 -0400

"A firewall is the logical disconnection of two physically connected networks, while a gap is a physical disconnection of two logically connectednetworks."


If you can surf the web or get E-mail through it, it's a firewall.

There've been a number of firewalls billed as "air gap" that are
actually involved proxies in which traffic is gatewayed over
some means other than a network (e.g.: a private bus) and/or
packets (e.g.: some kind of de-encapsulation re-encapsulation)
but the bottom line is that if you can surf the web through it,
or get E-mail you're probably not much more secure than with a
conventional firewall.

mjr.
---
Marcus J. Ranum     Chief Technology Officer, Network Flight Recorder, Inc.
Work: http://www.nfr.net
Play: http://pubweb.nfr.net/~mjr


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

Air Gap vs. firewall a burbatsky (Sep 22)
- Re: Air Gap vs. firewall Marcus J. Ranum (Sep 22)
- Re: Air Gap vs. firewall Crispin Cowan (Sep 23)
- RE: Air Gap vs. firewall Ofir Arkin (Sep 23)
- Re: Air Gap vs. firewall Joseph S D Yao (Sep 23)
- <Possible follow-ups>
- Re: Air Gap vs. firewall Steven M. Bellovin (Sep 23)
- RE: Air Gap vs. firewall David Bovee (Sep 23)
- Air Gap VS. Firewall Campbell Family (Sep 25)
  - Re: Air Gap VS. Firewall Crispin Cowan (Sep 26)
    - Re: Air Gap VS. Firewall Marcus J. Ranum (Sep 26)
- RE: Air Gap VS. Firewall Paz (Sep 26)