Information Security News mailing list archives
Re: E-Gap Cuts Off Hacker Access
From: Aleph One <aleph1 () UNDERGROUND ORG>
Date: Thu, 11 Jan 2001 08:30:58 -0800
On Mon, Jan 08, 2001 at 01:56:06PM +0100, Patrick Oonk wrote:
What it does is ensure that hackers cannot jump from the Internet into a company's "back office" -- the internal Web server or computer where it stores sensitive information such as a buyer's credit card details. The system consists of two servers, or computer systems. One is connected to the Internet and the other to the back office. A black box in the middle contains a memory device toggling between them. "This eliminates the main way hackers get inside. The main goal is to avoid hacking into internal systems," said Whale chief executive Elad Baron. "We created an air-gap between the two networks. The back office and Internet are completely disconnected at all times," he said. "There is a safe zone. If the data is OK, then it's passed on to the back office to execute the transaction."
What a load of bull. It's sad to see a security company attempt to mislead consumers by telling them they are selling an 'air gap' in an attempt to associate the security benefits of one with their product. It reminds me of the crypto vendors claiming they are selling some type of one-time pad.

In reality what the E-Gap system does is create a proxy connection between systems that strips down any network layers under the session layer. What this means is that if you set up a web server using the E-Gap, if an intruder were to break into the external E-Gap system he could not obtain TCP/IP connectivity to the internal web server. This is certainly not a bad property to have.

Nonetheless the intruder can still access the web server in the same way as a regular client. Regardless of the switch that they use to claim that the systems are "completely disconnected at all times" there still exists a logical connection between the systems. The intruder can still break into the internal system by using vulnerabilities above the transport layer (e.g. use whisker against a web server protected with E-Gap).

What these people completely miss is that the property of an air gap that makes it secure is not simply that there is no physical connection between the devices, but that the logical connection between systems in an air gap is not automated and that for an attacker to operate the logical connection (walk from one system to the other with a floppy) he needs to be physically present where the systems are. A remote attacker is out of luck.

While E-Gap can claim that with their device systems are "completely disconnected at all times" what they fail to realize is that their switch operates automatically at all times and thus there is always a logical connection between the systems connected with their device.

It's not a bad product, but it is no air gap. It's sad to see a security company continue with these deceptive marketing practices.
--
Aleph One / aleph1 () underground org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

ISN is hosted by SecurityFocus.com
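As an added illustration of the point made in the message above (not part of the original post, and not Whale's implementation), this Python model relays only application bytes through a buffer that is never attached to both sides at once, and shows a constructed request still reaching the backend unchanged unless the safe zone inspects it. `ToggleBuffer`, `safe_zone_ok`, the allowlist and both sample requests are hypothetical.

```python
# Added illustration: a constructed model, not the vendor's design.
class ToggleBuffer:
    """Memory device attached to exactly one side at a time."""
    def __init__(self):
        self.side, self.data = "external", None

    def _check(self, side):
        if side != self.side:
            raise PermissionError(f"buffer is not attached to the {side} side")

    def write(self, side, payload):
        self._check(side)
        self.data = payload

    def read(self, side):
        self._check(side)
        data, self.data = self.data, None
        return data

    def toggle(self):
        self.side = "internal" if self.side == "external" else "external"

def backend(request):
    """Stand-in internal web server: acts on whatever request line it is handed."""
    method, path, _version = request.split(b"\r\n", 1)[0].split(b" ", 2)
    return b"backend handled " + method + b" " + path

ALLOWED = {(b"POST", b"/checkout"), (b"GET", b"/cart")}  # hypothetical allowlist

def safe_zone_ok(request):
    """Application-layer check made before the data is passed inward."""
    parts = request.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and (parts[0], parts[1]) in ALLOWED

def relay(request, inspect=None):
    """One automated hop: external host -> buffer -> internal host -> backend."""
    if inspect is not None and not inspect(request):
        return None                     # dropped in the safe zone
    buf = ToggleBuffer()
    buf.write("external", request)      # application bytes only, no TCP/IP headers
    buf.toggle()                        # the switch flips with no human involved
    return backend(buf.read("internal"))

# Constructed sample requests (not taken from any real system)
ORDER = b"POST /checkout HTTP/1.0\r\n\r\n"
PROBE = b"GET /cgi-bin/constructed-example.cgi HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    print(relay(ORDER))
    print(relay(PROBE))                        # delivered inward as sent
    print(relay(PROBE, inspect=safe_zone_ok))  # stopped by the content check
```

The allowlist covers only the method and path it checks; anything else the backend parses still arrives exactly as the client sent it.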