Firewall Wizards mailing list archives

Re: Air Gaps vs. Firewalls


From: Jonathan Squire <jsquirelists () crosswinds net>
Date: Mon, 16 Oct 2000 01:06:36 -0400


Date: Thu, 12 Oct 2000 09:59:12 -0500
To: Avi Nagar <avi () adm co il>, firewall-wizards () nfr net
From: Rick Smith at Secure Computing <rick_smith () securecomputing com>
Subject: Re: [fw-wiz] Air Gaps vs. Firewalls

> Most sites get attacked for the same reason that retail stores suffer
> financial loss from shoplifting: there is always a sprinkling of criminals
> among your legitimate customers. If you lock out the criminals, you also
> lock out the customers.

> In firewalls, this means that you must let certain traffic through in order
> to operate. This in turn lets in some attacks, regardless of the quality of
> the product. Even eGap will do this.

Agreed. Any time you allow a data path into a service, you can attempt to attack the service. What the eGap gains you in this situation is that you are limited to data attacks; with the eGap in place, you will not be able to attack the server at the network level. By removing network-level attacks, an attacker will be required to play their games in the data stream (oversized headers, malformed URLs, illegal/modified form fields, etc.). The eGap's content filtering has benefits here because you can reduce the amount of those data stream attacks by filtering out things that you know are illegal. Will this prevent every attack? Absolutely not, but it is a good start.




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards
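The post argues that once network-level attacks are removed, what remains are data-stream attacks (oversized headers, malformed URLs, illegal or modified form fields), and that a content filter can reject the ones you already know are illegal before they reach the server. The following is an added example written for this archive page, not code from the post's author or from the eGap product: a small application-layer filter for raw HTTP requests. The size limits, the allowed methods, the safe-path pattern and the per-path form-field allowlist are all constructed assumptions for the example, not values from any product.

```python
"""Minimal application-layer content filter for HTTP requests.

Added example (not from the firewall-wizards post or the eGap product).
It models the thread's point that, with network-level attacks removed,
the remaining attacks live in the data stream, and that a filter can
drop requests that are known to be illegal before the server sees them.
All limits and the form-field allowlist below are assumptions.
"""
import re
from urllib.parse import urlsplit, parse_qsl

# Policy values: assumptions for the example, not product defaults.
MAX_HEADER_LINE = 1024          # bytes per header line
MAX_HEADERS = 50                # header lines per request
MAX_URL_LEN = 2048              # bytes in the request target
ALLOWED_METHODS = {"GET", "POST"}
SAFE_PATH = re.compile(r"^/[A-Za-z0-9_./-]*$")

# Per-path allowlist of form fields the back-end actually expects, with a
# value pattern for each. Anything not listed is an illegal/modified field.
FORM_FIELDS = {
    "/login": {
        "user": re.compile(r"^[A-Za-z0-9_.-]{1,64}$"),
        "pass": re.compile(r"^.{1,128}$"),
    },
}


def check_request(raw: bytes):
    """Return (ok, reason). ok is True when the request passes the filter."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    try:
        request_line = lines[0].decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII request line"

    # Request line: exactly "METHOD target HTTP/1.x"
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    if not version.startswith("HTTP/1."):
        return False, "bad HTTP version"

    # URL checks: size, absolute-form, traversal, character set
    if len(target) > MAX_URL_LEN:
        return False, "oversized URL"
    url = urlsplit(target)
    if url.scheme or url.netloc or ".." in url.path or not SAFE_PATH.match(url.path):
        return False, "malformed or unsafe URL path"

    # Header checks: count, per-line size, basic "Name: value" shape
    headers = lines[1:]
    if len(headers) > MAX_HEADERS:
        return False, "too many headers"
    for h in headers:
        if len(h) > MAX_HEADER_LINE:
            return False, "oversized header"
        if b":" not in h:
            return False, "malformed header"

    # Form-field checks: query string plus urlencoded POST body, against
    # the allowlist for this path (paths without a policy are not checked).
    fields = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST":
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    allowed = FORM_FIELDS.get(url.path)
    if allowed is not None:
        for name, value in fields:
            if name not in allowed:
                return False, f"illegal form field {name}"
            if not allowed[name].match(value):
                return False, f"bad value for field {name}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, three data-stream attacks.
    samples = [
        b"GET /login?user=alice HTTP/1.1\r\nHost: a\r\n\r\n",
        b"GET /login?user=alice&admin=1 HTTP/1.1\r\nHost: a\r\n\r\n",
        b"GET /login HTTP/1.1\r\nX: " + b"A" * 2000 + b"\r\n\r\n",
        b"GET /../etc/passwd HTTP/1.1\r\nHost: a\r\n\r\n",
    ]
    for s in samples:
        print(check_request(s))
```

The filter is deliberately an allowlist: it says what a well-formed request for a known path looks like and rejects everything else, which is the only way to "filter out things that you know are illegal" without having to enumerate every possible malformed input. As the post says, this does not stop every attack (a syntactically valid request can still carry a bad value the back-end mishandles), but it removes whole classes of data-stream attacks before they reach the server.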

