Firewall Wizards mailing list archives
Re: Air gap technologies
From: Crispin Cowan <crispin () wirex com>
Date: Thu, 18 Jan 2001 12:50:26 -0800
Frederick M Avolio wrote:
As I said ages ago when this came up before... I have reviewed the technology. I like it. I am not a vendor. I call it an Air Gap. So, I disagree with your analysis that it is a distortion of the truth.
I would really like to see a response from Frederick or Avi that addresses Matt
LeGrow's question: what fundamental capabilities does the Whale "Air Gap" have
that an application proxy does not? If such a qualitative difference can be
defined and defended, then I'll buy the proposition that "air gap" is meaningful.
If not, then this is a fancy word for "proxy", and the technical discussion should
focus on "why my proxy is better than your proxy."
For instance, consider the case where the proxy has a vulnerability. Let's say
(for sake of argument) that the "Where Gap" product :-) has an identical switch to
the Air Gap, but used the WU-FTPD on either side of the switch for FTP proxies,
and unfortunately has not upgraded since the format bug vulnerability was
disclosed last June. This immediately lets the attacker 0wn the outside half of
the Where Gap.
Now the attacker can drop whatever content they like onto the switch. I don't
know if WU-FTPD is vulnerable to attacks via that channel. Can Frederick or Avi
comment on how robust the inside half of the Air Gap is against arbitrary content
appearing on the switch device?
This is the key point. A standard architecture application proxy is compromised
if it is using a vulnerable FTPD as a proxy. The outside half of a switched proxy
is equally vulnerable. How much safer is the inside because of the presence of
the switch?
Caveat: discussions about the software quality of the inside half are not exactly
germane here. Standard proxy vendors can respond, with equal validity, that their
proxies have "hoo-hah" or "FooBar" things in them to make them robust against
attack. The interesting question is "what value does the switch hardware provide
in defending the inside half of the proxy?"
Thanks,
Crispin
--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution: http://immunix.org
