Firewall Wizards mailing list archives
Re: Is this for real
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Tue, 09 Nov 1999 20:42:50 +0100
(Disclaimer: This is based on a quick cursory reading, I might be way off here) The way I see it, they've merely separated the two halves of an application level gateway (or, erronously "transparent proxy") by storing the application level data on a SCSI hard drive that both halves have access to via separate SCSI cables. (It could be something other than a hard drive aswell, maybe something RAM based? Dunno, and it doesn't matter.) This should indeed guard against any and all TCP/IP level attacks, and hopefully guard against the inner half being compromised as a result of the outer one being compromised. The latter depends on how well written their code is. What it DOES NOT automatically guard against is, for instance, virii transmitted by email or poorly written CGIs on internal web servers. I'd imagine the old use-phf-to-show-the-passwd-file vulnerability will work just fine through the e-gap unless it explicitly knows about it and blocks it. IMNSHO, this makes e-gap just about as effective as your basic proxy firewall, albeit with the added protection that complete firewall compromise is not as likely as with normal firewalls. /Mike Anton J Aylward wrote:
... or is it just part of the movement to put "e-" before everything? Somehow I'm not sure this makes sense. I can't see it being used, for example, to support electronic banking. Or am I missing something? http://www.whalecommunications.com/fr_0600.htm
-- Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50 Mobile: +46-(0)70-248 00 33 WWW: http://www.enternet.se E-mail: mikael.olsson () enternet se
Current thread:
- Re: Is this for real Mikael Olsson (Nov 10)
- Re: Is this for real Rick Smith (Nov 11)
- Re: Is this for real Frederick M Avolio (Nov 14)
- Re: Is this for real Saravana Ram (Nov 15)
- Re: Is this for real Joseph S D Yao (Nov 17)
- Re: Is this for real Frederick M Avolio (Nov 14)
- Re: Is this for real Rick Smith (Nov 11)
- Re: Is this for real Saravana Ram (Nov 14)
- <Possible follow-ups>
- Re: Is this for real Crispin Cowan (Nov 10)
- Re: Is this for real Joseph S D Yao (Nov 10)
- RE: Is this for real Bill Stout (Nov 15)
- RE: Is this for real Squire, Jonathan (Nov 15)