Firewall Wizards mailing list archives

Re: Air gap technologies


From: Aleph One <aleph1 () underground org>
Date: Mon, 22 Jan 2001 15:28:46 -0800

On Thu, Jan 18, 2001 at 01:19:40PM -0500, Frederick M Avolio wrote:
> As I said ages ago when this came up before... I have reviewed the
> technology. I like it. I am not a vendor. I call it an Air Gap. So, I
> disagree with your analysis that it is a distortion of the truth. It is not
> sneaker-net. I have no problem calling it an air gap. (I do have a problem
> with one of their competitors, who has no hardware disconnect as far as I
> can tell and just has software acting as the gap... That one *is* a proxy
> firewall as far as I can tell from their lit.

That's ridiculous. Whether or not there is an actual physical air gap
is not important. Both products could perform the exact same functions
whether they use some fancy SCSI switch or a serial cable. If the
software at the end of the serial cable is not listening to requests
it's no less secure than an "air gap". The inverse is also true,
if the system with an "air gap" is always "on" and handling requests it's
no more secure than the system with a serial cable.

Thus I would argue that the system with the "air gap" is more suspect as
it's obvious the "air gap" was added as a marketing gimmick and not
as something that would improve the security of the system.

This also shows why calling these systems an "air gap" is wrong. They
are functionally identical to systems implemented without an "air gap".
A better name would be something along the lines of "dual-host
proxies" or "peephole proxies".

-- 
Aleph One / aleph1 () underground org
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 