Firewall Wizards mailing list archives
Air Gaps vs. Firewalls
From: "Mike Bobbitt" <bobbitt () cipherlogic on ca>
Date: Fri, 29 Sep 2000 18:20:41 -0400
Folks,

I've been following the discussion of Air Gaps vs. Firewalls for a bit, and just wanted to chime up with my two cents worth. (I hope I'm not resurrecting a dead discussion.)

There have really been two questions asked here, as far as I can see. First, are air gaps different from Firewalls? In some respects, it's the same as asking is a proxy forwarder different from a packet filter different from an intelligent router? They can all perform a similar function, but do it through different implementations, and are each best suited for a specific purpose. I guess we really need a definitive definition for "Firewall" before we can answer that question in a meaningful way. (I haven't seen such a beast, but I'm sure it exists.) Since we're probably all working off slightly different definitions, our view of where an air gap fits is also bound to be different.

Second question: Are air gaps useful? This one doesn't have a yes/no answer. In some environments, they add value. In some, they don't (or may even be a detriment). The security organization for each environment should do an independent study to see if anything can be gained from using an Air Gap.

Whether or not you believe an Air Gap is a Firewall variant, I'm sure security professionals will agree that defence in depth is an excellent theory to design by. That means that if the hacker gets through your firewall because of vulnerability X, they (probably) can't use that same vulnerability to breach your air gap. If they now need to implement vulnerability Y to get through, it makes their job tougher, and yours easier. Pretty basic stuff, and it goes for using any security system in this manner. In essence, it means your hacker must know more about more systems and be more sophisticated to be a real threat. Rules out a lot of the script kiddies right there.

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards