Re: Is this for real

[Mikael Olsson <mikael.olsson () enternet se>]

(Disclaimer: This is based on a quick cursory reading, I might be
 way off here)

The way I see it, they've merely separated the two halves of an
application level gateway (or, erronously "transparent proxy")
by storing the application level data on a SCSI hard drive
that both halves have access to via separate SCSI cables.
(It could be something other than a hard drive aswell, maybe
something RAM based? Dunno, and it doesn't matter.)

This should indeed guard against any and all TCP/IP level attacks,
and hopefully guard against the inner half being compromised as
a result of the outer one being compromised. The latter depends
on how well written their code is.

What it DOES NOT automatically guard against is, for instance, 
virii transmitted by email or poorly written CGIs on internal
web servers.

I'd imagine the old use-phf-to-show-the-passwd-file vulnerability
will work just fine through the e-gap unless it explicitly knows
about it and blocks it.

IMNSHO, this makes e-gap just about as effective as your basic 
proxy firewall, albeit with the added protection that complete
firewall compromise is not as likely as with normal firewalls.

/Mike

Anton J Aylward wrote:
> ... or is it just part of the movement to put "e-" before
> everything?  Somehow I'm not sure this makes sense.  I can't
> see it being used, for example, to support electronic banking.
> Or am I missing something?
>
> http://www.whalecommunications.com/fr_0600.htm

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se