RE: Air gap technologies

[Frank Knobbe <FKnobbe () KnobbeITS com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Okay, I have not looked at the product, but I did follow the
description, and here are some thoughts.

- From what I understand, that gap-thingy is more or less two proxies
connected with an alternate medium (let's take that serial cable
Aleph mentioned). Let's compare that to a traditional proxy (or FW).
If a traditional proxy gets compromised from the Internet, there are
three modes. Either it fails open (ouch), or it fails shut. If it
fails shut, the question is where is shuts off, access may still be
possible, and with scripts you might be able to revive the dead
interface. The third mode is that the proxy does not fail, and you
successfully gained access to it, in which case you are in familiar
territory, namely you have an Ethernet interface on the internal side
that you can control (send packets, launch sniffers, etc).

The air gap proxy would probably behave the same way: It either fails
open (ouch again), fails shut, or leaves you with access. In the last
case, you are not in familiar territory, and you have no clue how to
operate that interface (serial, parallel, scsi?), and you have no
clue as to what protocol is spoken on that interface. But I see this
only as security through obscurity because a) given enough time you
can figure out the interface and the protocol (leaving aside the fact
that you would be investigated and service would be restored before
you can figure out the protocol), or b) you can examine what's left
of the system and deduce the access that way (after all, the software
running the box must come from somewhere).

So, this concept might be a tad more secure that a normal proxy, but
it is not the golden egg you image when you hear the word air gap.

However, I believe such an air gap (literally!) is possible. Imagine
a proxy combo connected via serial cable (for example). Imagine the
serial cable A connecting the internal proxy and 'a mystery box', and
cable B connection the mystery device and the external proxy. The
external proxy, in normal working condition, sends a heartbeat to the
device, which is nothing else than a RELAY kept alive by the
heartbeat. Should the proxy get compromised, and normal routines
providing security (and the heartbeat) are terminated, then the
missing heartbeat would cause the device to actually fail shut (in
other words, cause the relay to open). And there you have it! An air
gap between the relay contacts! You internal network is safe.

Resetting the system would require operator intervention where the
operator has to push and hold a button on the device until the proxy
has been restarted and the heartbeat is beating again.

Doesn't this sound like a nice, little weekend project?  ;)

Regards,
Frank



> -----Original Message-----
> From: Aleph One [mailto:aleph1 () underground org]
> Sent: Tuesday, January 23, 2001 2:23 PM
>
> [...]
> As an intelligent consumer of security products I am more likely to
> purchase a product from a vendor that does not use such gimmicks
> from among a set of equivalent products, and I would encourage
> others to do likewise.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOm+6G5ytSsEygtEFEQLcuwCaAiqcmC9/FI+047aeR3/vvND6xvUAn3eq
8uaOVgefcFVsBENhvb/zYhy1
=KAOM
-----END PGP SIGNATURE-----
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards