Firewall Wizards mailing list archives

Air Gap VS. Firewall


From: Campbell Family <home () campbell-fam com>
Date: Sun, 24 Sep 2000 19:07:59 -0500

Lo All -

There seems to be a battle of definition going on about the differences
between air-gap devices and firewalls. The purpose of the firewall,
whether it be software or an appliance, is pretty well known.  We could
go on all day about the different types and how they work.  An air-gap
device is not actually much different by definition.  The difference as
it has been explained to me is in their application.

The air-gap was originally introduced to me not as a replacement for a
firewall . . . but, a device that has a different purpose.  An air-gap
is supposed to imperceptibly disconnect and reconnect trusted and
untrusted networks for the purpose of transfer of data on known secure
IP sessions.  (Bear with me - I read the bulk of this from some security
rag I cannot locate for reference.)

For example:  

A web server transacts a ton of data on a local database table during a
fixed period of time.  At some defined moment the web server intends to
checkpoint the data to another database on a secure network.  The web
server is connected to an air-gap device.  When the web server attempts
to open the TCP connection to the database to which it is to
checkpoint, the air-gap device disconnects the web server from the
external "untrusted" network and connects it to the "trusted" network
where the other database server is located.  Once the TCP session closes
the disconnection/reconnection process is reversed.  It was my
understanding that the process was to occur without any perceptible
change in network connectivity which the hosts would see (other than a
lack of connections in one direction or another for the period of
connection/disconnection).

My question to the group is, "Is there any real benefit to this kind of
operation?".

Comments, questions, laughter . . . ???

bbc () un1x com

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
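
Added example, not part of the original post and not any vendor's code: a small Python model of the switching behaviour the message describes, where the web server is attached to exactly one network at a time and the switch is driven by the checkpoint TCP session opening and closing. The addresses, event names and the AirGapSwitch class are assumptions made for illustration.

```python
import ipaddress
from enum import Enum

TRUSTED_NET = ipaddress.ip_network("10.0.0.0/24")   # constructed trusted LAN
CHECKPOINT_DB = "10.0.0.5"                          # constructed database host

class Side(Enum):
    UNTRUSTED = "untrusted"
    TRUSTED = "trusted"

def side_of(ip):
    """Classify a peer address by the network it lives on."""
    return Side.TRUSTED if ipaddress.ip_address(ip) in TRUSTED_NET else Side.UNTRUSTED

class AirGapSwitch:
    """Hypothetical model: the web server is attached to one side at a time."""
    def __init__(self):
        self.side = Side.UNTRUSTED

    def handle(self, event, peer):
        if event == "syn_out" and peer == CHECKPOINT_DB and self.side is Side.UNTRUSTED:
            self.side = Side.TRUSTED        # detach from untrusted, attach to trusted
            return "switch_to_trusted"
        if event == "session_close" and peer == CHECKPOINT_DB and self.side is Side.TRUSTED:
            self.side = Side.UNTRUSTED      # reverse the switch once the session ends
            return "switch_to_untrusted"
        # Any other traffic passes only if the peer is on the attached side.
        return "pass" if side_of(peer) is self.side else "drop"

def run_trace(events):
    """Replay events through a fresh switch; return (event, peer, action, side)."""
    switch = AirGapSwitch()
    return [(e, p, switch.handle(e, p), switch.side.value) for e, p in events]

# Constructed event trace: an Internet client, then the checkpoint window.
TRACE = [
    ("packet_in", "203.0.113.7"),     # web client while on the untrusted side
    ("syn_out", "10.0.0.5"),          # web server opens the checkpoint session
    ("packet_in", "203.0.113.7"),     # web client during the checkpoint window
    ("packet_in", "10.0.0.5"),        # database reply during the window
    ("session_close", "10.0.0.5"),    # checkpoint session ends
    ("packet_in", "203.0.113.7"),     # web client after the window
    ("packet_in", "10.0.0.5"),        # trusted host after the window
]

if __name__ == "__main__":
    for row in run_trace(TRACE):
        print(row)
```

The trace shows the "lack of connections in one direction or another" from the message: untrusted traffic is dropped while the checkpoint session is open, and trusted traffic is dropped once it closes.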

