Firewall Wizards mailing list archives
Re: Air Gap vs. firewall
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 22 Sep 2000 21:02:34 -0400
In message <4.3.1.2.20000922200440.00a84800@localhost>, "Marcus J. Ranum" writes:
"A firewall is the logical disconnection of two physically connected networks, while a gap is a physical disconnection of two logically connected networks."

If you can surf the web or get E-mail through it, it's a firewall. There've been a number of firewalls billed as "air gap" that are actually involved proxies in which traffic is gatewayed over some means other than a network (e.g.: a private bus) and/or packets (e.g.: some kind of de-encapsulation re-encapsulation) but the bottom line is that if you can surf the web through it, or get E-mail, you're probably not much more secure than with a conventional firewall.
Not "much" more secure? With any sort of reasonable firewall (and, of course, policy), your Web browser and your mailer run neck-and-neck for which is the biggest security hole. Melissa, who loves you, votes for the mailer, but the plethora of Javascript holes in "typical" clients tilts the scale back towards the Web browser.

--Steve Bellovin