Firewall Wizards mailing list archives

Re: Air Gap technology


From: Rick Smith <rick_smith () securecomputing com>
Date: Mon, 02 Oct 2000 17:25:49 -0500

At 03:06 PM 9/29/00, rreiner () fscinternet com wrote:

The point is that any traditional application proxy firewall,
architected as software running atop a general-purpose operating
system, has failure modes in which L2 or L3 isolation fails and the
device passes L2 or L3 traffic, effectively becoming a bridge or a
router -- the software can have a bug, the administrator can make a
mistake, or the device can be subverted through a buffer overflow,
format-string overflow, etc.

Hear, hear. That's why Sidewinder doesn't sit atop a COTS operating system, and relies on mandatory access control (MAC) mechanisms. However, Sidewinder's lack of dominance in the firewalls market might suggest that something more than security is on many customers' minds.

Technologies such as Whale's eGap don't have this easily-reachable
failure mode.  If there actually is a failure mode in which the eGap
device is so compromised that it begins to operate as a bridge or
router -- quite unlikely, since it would require some pretty fancy
footwork to pass Ethernet frames or IP datagrams over a solid state
SCSI disk -- any such is certainly in a much more remote region of the
total state space of the device than the analogous failure is in the
state space of a conventional application proxy firewall.

One could say the same for firewalls that use various flavors of MAC. There is no straight line from one network interface to the other at either the hardware or software level. The only difference might be performance -- you don't have to do as much data copying in a MAC implementation.

That's not a difference in functionality, it's a difference in the
level of assurance available that the functionality will robustly
continue to be what is desired and expected, under a wide range of
conditions.

In short, a well-designed air gap device can provide higher assurance
than is possible with an application proxy implemented in software on a
general-purpose computer running a general-purpose OS.

A piece of information that's not clear from the e-gap information I saw -- what is the software environment of the e-gap product itself? It appears to have three software domains: the inside, the outside, and the SCSI shared RAM. Is there a "conventional OS" in any of those environments? If so, then you've thrown away much of the assurance argument. I wouldn't want to put such a thing up against a competent red team.

Rick.
smith () securecomputing com

