Re: Air Gap or Castles in the Air?

[Rick Murphy <rmurphy () mitre org>]

At 05:28 PM 9/23/2000 -0700, Roger Marquis wrote:
> > I am trying to get a handle on the difference between an air gap appliance
> > and a firewall.
>
> The distinction between a firewall and what infosecuritymag.com considers
> an "air-gap" product is nothing more than marketing hype.

I'll agree with you if the air-gap is being marketed as a firewall replacement.
However, there is a market for these devices - classified networks that 
want to receive information from unclassified networks. You can't connect 
the two unless you have a high assurance device connecting them that 
doesn't let anything leak out of the classified network. These devices can 
provide that level of assurance.

What we're seeing, however, is an attempt to find a broader market for 
air-gaps. I don't see an advantage of the air-gap firewall versus any 
other, for precisely the reasons Steve Bellovin gave - high assurance 
transport of malicious content isn't what we're striving for. This is a 
case of a solution looking for different problems to solve in order to sell 
more units.
        -Rick



_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards