Firewall Wizards mailing list archives
Re: Air gap technologies
From: Crispin Cowan <crispin () wirex com>
Date: Thu, 18 Jan 2001 12:50:26 -0800
Frederick M Avolio wrote:
As I said ages ago when this came up before... I have reviewed the technology. I like it. I am not a vendor. I call it an Air Gap. So, I disagree with your analysis that it is a distortion of the truth.
I would really like to see a response from Frederick or Avi that addresses Matt LeGrow's question: what fundamental capabilities does the Whale "Air Gap" have that an application proxy does not? If such a qualitative difference can be defined and defended, then I'll buy the proposition that "air gap" is meaningful. If not, then this is a fancy word for "proxy", and the technical discussion should focus on "why my proxy is better than your proxy."

For instance, consider the case where the proxy has a vulnerability. Let's say (for sake of argument) that the "Where Gap" product :-) has an identical switch to the Air Gap, but used the WU-FTPD on either side of the switch for FTP proxies, and unfortunately has not upgraded since the format bug vulnerability was disclosed last June. This immediately lets the attacker 0wn the outside half of the Where Gap. Now the attacker can drop whatever content they like onto the switch. I don't know if WU-FTPD is vulnerable to attacks via that channel.

Can Frederick or Avi comment on how robust the inside half of the Air Gap is against arbitrary content appearing on the switch device? This is the key point. A standard architecture application proxy is compromised if it is using a vulnerable FTPD as a proxy. The outside half of a switched proxy is equally vulnerable. How much safer is the inside because of the presence of the switch?

Caveat: discussion about the software quality of the inside half is not exactly germane here. Standard proxy vendors can respond, with equal validity, that their proxies have "hoo-hah" or "FooBar" things in them to make them robust against attack. The interesting question is "what value does the switch hardware provide in defending the inside half of the proxy?"

Thanks,
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org