Re: Air Gaps vs. Firewalls

[Mikael Olsson <mikael.olsson () enternet se>]

Mike Bobbitt wrote:
> Whether or not you believe an Air Gap is a Firewall variant, 
> I'm sure security professionals will agree that defence in 
> depth is an excellent theory to design by. 

Meep, sorry, that wasn't an argument for eGaps, that
was an argument for defence in depth. No points for that one.

No, seriously. A lot has been said about the "unparalleled
granularity" of these boxes. To those of you who argue
for its benefits, I feel I'll have to ask "just how
granular is it?". Will the URL shuttle, for instance, 
protect me against the mistakes of the average 
ASP/perl/php consultant, who fails to scrub queries 
passed to database engines? Without me having to work
just as hard with the application layer filters as the
consultant had to do to get those scripts working
in the first place?

/Mike, curious...

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00         Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: mikael.olsson () enternet se

Techie Career Track Flowchart -- see where you're headed:
http://www.userfriendly.org/cartoons/archives/00oct/uf002304.gif

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards