Firewall Wizards mailing list archives

Re: Is this for real


From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 10 Nov 1999 15:09:21 -0600

Concerning Whale's "e-gap" technology:

The design concept (as far as I can figure it out from web based PR) seems
fairly sound -- they're throwing hardware at the problem of controlling
data transfer between two security domains. It's a strategy with a
venerable tradition and a pretty good success rate.

On the other hand, you can't pass data without passing through some clever
attacks as well. It's just the nature of the beast. So I don't think the
"e-gap" greatly increases security assurance over what you get from a good
application level firewall.

A big shortcoming I see is that, unlike a firewall, it's *not* a stand
alone device. You need to install it in conjunction with *two* other
computers, one each for the 'inside' and 'outside' networks. So you're
tying up three pieces of equipment in order to connect your two networks
together. A firewall only ties up that one box that hosts the firewall
software.

Also, the 'e-gap' system seems to rely on specially packaged hardware, and
that's going to drive the selling price up while keeping the company's
profit margins down. Customers can always buy a computer for less by buying
it themselves. Even if the 'e-gap' device is a repackaged PC, Whale will
have to charge a higher price just to cover their repackaging costs. The
"e-gap" box looks as if it's a special purpose device, though it might be
just an oddly packaged PC with an extra SCSI interface (it needs two
independent SCSI busses). So I doubt they'll be able to provide security at
a price that competes with today's firewalls.

Anyway, I wish them luck. They'll need it. Very few people are willing to
spend extra money (or extra administrative effort) for that type of
stronger security assurance.


