Firewall Wizards mailing list archives
Re: Air Gap technology
From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 02 Oct 2000 17:25:49 -0500
At 03:06 PM 9/29/00, rreiner () fscinternet com wrote:
> The point is that any traditional application proxy firewall, architected as software running atop a general-purpose operating system, has failure modes in which L2 or L3 isolation fails and the device passes L2 or L3 traffic, effectively becoming a bridge or a router -- the software can have a bug, the administrator can make a mistake, or the device can be subverted through a buffer overflow, format-string overflow, etc.
Hear, hear. That's why Sidewinder doesn't sit atop a COTS operating system, and relies on mandatory access control (MAC) mechanisms. However, Sidewinder's lack of dominance in the firewalls market might suggest that something more than security is on many customers' minds.
> Technologies such as Whale's eGap don't have this easily-reachable failure mode. If there actually is a failure mode in which the eGap device is so compromised that it begins to operate as a bridge or router -- quite unlikely, since it would require some pretty fancy footwork to pass Ethernet frames or IP datagrams over a solid state SCSI disk -- any such is certainly in a much more remote region of the total state space of the device than the analogous failure is in the state space of a conventional application proxy firewall.
One could say the same for firewalls that use various flavors of MAC. There is no straight line from one network interface to the other at either the hardware or software level. The only difference might be performance -- you don't have to do as much data copying in a MAC implementation.
> That's not a difference in functionality, it's a difference in the level of assurance available that the functionality will robustly continue to be what is desired and expected, under a wide range of conditions. In short, a well-designed air gap device can provide higher assurance than is possible with an application proxy implemented in software on a general-purpose computer running a general-purpose OS.
A piece of information that's not clear from the e-gap information I saw -- what is the software environment of the e-gap product itself? It appears to have three software domains: the inside, the outside, and the SCSI shared RAM. Is there a "conventional OS" in any of those environments? If so, then you've thrown away much of the assurance argument. I wouldn't want to put such a thing up against a competent red team.
Rick.
smith () securecomputing com