Firewall Wizards mailing list archives
RE: FW: Is this for real (e-Gap from Whale Communications)
From: "Squire, Jonathan" <Jonathan.Squire () dowjones com>
Date: Thu, 11 Nov 1999 15:22:51 -0500
A problem that didn't get much play in Squire's review... IMHO the e-gap mechanism shares the same fatal flaw as the competition (firewalls, guards, etc) -- since it passes data, *and* data today contains executable logic, then people can always find a way to attack the inside via hostile logic (macro viruses, malicious applets, whatever). The e-gap technology doesn't do a thing about any of this itself. In fact, their web information suggests that they can only address such problems via filtering installed on the "trusted" side.
Rick makes a good point here that I didn't address. Depending on what data is transmitted through the device you could send malicious code)... remember this device is sneaker-net-like in their own words, so you could send a word document through it and it contains a macrovirus that sends your credit cards back through it.
I've heard rumors that people have even done IP embedded in SMTP e-mail, though perhaps that's another security urban legend.
it's been done, though I never used the code: http://www.detached.net/mailtunnel.html -Jon Squire Information Security Auditor Dow Jones & Company -- My words are my own, they represent my views... do not assume they represent anything but my own views.
Current thread:
- RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 10)
- <Possible follow-ups>
- RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- FW: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- Re: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Squire, Jonathan (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Frederick M Avolio (Nov 14)
- RE: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 14)