Information Security News mailing list archives
Re: E-Gap Cuts Off Hacker Access
From: InfoSec News <isn () C4I ORG>
Date: Mon, 29 Jan 2001 00:07:28 -0600
Forwarded by: Joseph Steinberg <joseph () whale-com com>

An intruder cannot access an internal web server in the same way as a regular client (with a network connection) could, as the e-Gap forces thorough application-level content inspection of user input to take place before the data reaches the real web server. Data analysis and content inspection is all performed on safe internal machines (protected by the e-Gap), and because networking is not used to transport data across the e-Gap, the only destination that the internal system will use for retransmitting data on the internal network is the pre-defined target machine. As such, data inspection will occur and cannot be circumvented or tampered with from outside of the e-Gap.

This inspection includes granular analysis of URLs -- including regular expression comparisons -- (to prevent DEBUG features from being inappropriately utilized, various types of buffer overflow attacks, incorrectly formatted parameter problems, etc.). E-Gap can also perform additional security checks (e.g., additional levels of authentication at the inspection machine before a user is allowed to even have his/her request on a network wire with the target web server).

The e-Gap system is composed of the e-Gap appliance and its associated software (all the software-based system management and configuration is done from the internal trusted side).

BTW: It is obviously not practical to build an e-Gap with a serial cable, as today's bandwidth requirements are generally many times greater than the typical maximum bandwidth of a serial port (115 Kbps). An individual e-Gap system has a bandwidth of almost 1000 times greater than that of a serial port, and a high-availability e-Gap system reaches almost 5,000 times the bandwidth.

Joseph Steinberg
Director of Technical Services
Whale Communications
joseph () whale-com com
(201) 947-9177 x1511
http://www.whalecommunications.com

Join our complimentary web-based seminar for a technical demo of Whale's e-Gap solution (<http://www.whalecommunications.com/forum>), Wednesday, February 14, 2001, 1:00 pm Eastern Time, 12:00 pm Central Time, 10:00 am Pacific Time. Visit us at SANS New Orleans (<http://www.sans.org/>) at Booth 19, Jan. 30-31, and receive your free gift! See us at CeBit 2001, Hannover (<http://www.cebit.de/>), Israel National Pavilion, Hall 4, Mar 22-28.
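The inspect-then-relay pattern the message describes, written out as an added Python example (not Whale's code and not part of the original thread): a fixed internal target, an HTTP method allow-list so DEBUG-style methods never reach the web server, a length bound on the request line, and regular-expression checks on the path and on each URL parameter. The target host name, the limits and the parameter patterns are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Constructed policy modelling the checks described in the message.
TARGET_HOST = "web01.internal.example"   # assumed pre-defined target (hypothetical)
ALLOWED_METHODS = {"GET", "HEAD", "POST"}  # DEBUG, TRACE, etc. are never relayed
MAX_REQUEST_LINE = 2048                  # assumed bound; blunts oversized-input attacks
PARAM_RULES = {                          # hypothetical per-parameter patterns
    "id": re.compile(r"^[0-9]{1,9}$"),
    "q": re.compile(r"^[A-Za-z0-9 _.-]{1,64}$"),
}
PATH_RE = re.compile(r"^/[A-Za-z0-9_./-]*$")


@dataclass
class Verdict:
    allowed: bool
    reason: str
    target: Optional[str] = None   # set only when the request may be relayed


def inspect_request_line(line: str) -> Verdict:
    """Decide whether one HTTP request line may be relayed to TARGET_HOST."""
    if len(line) > MAX_REQUEST_LINE:
        return Verdict(False, "request line too long")
    parts = line.split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return Verdict(False, "malformed request line")
    method, url, _version = parts
    if method not in ALLOWED_METHODS:
        return Verdict(False, f"method {method} not permitted")
    path, _, query = url.partition("?")
    # Decode percent-encoding first so the patterns see what the server would see.
    path = unquote(path)
    if ".." in path or not PATH_RE.fullmatch(path):
        return Verdict(False, "path fails pattern check")
    for pair in (query.split("&") if query else []):
        name, _, value = pair.partition("=")
        rule = PARAM_RULES.get(name)
        if rule is None:
            return Verdict(False, f"unknown parameter {name!r}")
        if not rule.fullmatch(unquote(value)):
            return Verdict(False, f"parameter {name!r} fails pattern check")
    # Only the pre-defined internal target is ever named as the destination.
    return Verdict(True, "ok", TARGET_HOST)
```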
On Fri, Jan 12, 2001 at 08:53:13AM -0500, Ben Rothke wrote:

> Hello,
>
> The air-gap products got a lot of airplay on the firewall-wizards list some months back. Two comments that stand out in reference to the efficacy of air-gap products are:
>
> A firewall is a tunnel, an air gap is a tunnel. And a tunnel is a tunnel is a tunnel. Giving it another name doesn't mean it isn't the same.
>
> and Roger Marquis said so poignantly:
>
> A half-duplex datastream with pico-second turnaround, coupled with a micrometer gap between two fiber connectors doesn't make a product any more or less secure than other firewalls.

Well, the one property that E-Gap does have that regular proxy firewalls don't is that it is composed of two systems. If the external system gets compromised, it does not immediately mean the internal one will. You may still find a vulnerability in the internal system via the application layer (which you can do without breaking into the system), or you may find a vulnerability in the transport layer that they use to shuffle requests back and forth between the systems. This obviously depends on the complexity of the protocol and the quality of its implementation.
ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".