Firewall Wizards mailing list archives

RE: Air Gap VS. Firewall

From: "Paz" <ariel () sys-security com>
Date: Tue, 26 Sep 2000 17:51:13 +0200

YES! Give the man a cigar - The only real security feature you are buying
with an air-gap firewall is the HTTP (or any other protocol) parsing
ability. When you buy this "proxy otherwise presented" firewall you simply
put more trust in the air-gap company then in another proxy level firewall.

PAZ

Crispin wrote:

Yes, there is benefit, but that's the wrong question.

There is no real difference between this description and an application
proxy firewall.  It's a fine design for a proxy firewall.  But the snake
oil alarms start going off when the vendors try to characterize them as
somehow different from proxies.

So while the classification of firewall types can be tedious, inspecting
the difference between "air gap" firewalls and other kinds of firewalls
really is nothing more than a nuance in firewall classification.

Crispin


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

Current thread:

Air Gap vs. firewall a burbatsky (Sep 22)
- Re: Air Gap vs. firewall Marcus J. Ranum (Sep 22)
- Re: Air Gap vs. firewall Crispin Cowan (Sep 23)
- RE: Air Gap vs. firewall Ofir Arkin (Sep 23)
- Re: Air Gap vs. firewall Joseph S D Yao (Sep 23)
- <Possible follow-ups>
- Re: Air Gap vs. firewall Steven M. Bellovin (Sep 23)
- RE: Air Gap vs. firewall David Bovee (Sep 23)
- Air Gap VS. Firewall Campbell Family (Sep 25)
  - Re: Air Gap VS. Firewall Crispin Cowan (Sep 26)
    - Re: Air Gap VS. Firewall Marcus J. Ranum (Sep 26)
- RE: Air Gap VS. Firewall Paz (Sep 26)