Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Air gap technologies

From: Crispin Cowan <crispin () wirex com>
Date: Fri, 19 Jan 2001 12:34:46 -0800
Frederick M Avolio wrote:


If you can
name one fundamental thing the Air Gap can do that a proxy firewall
can't, then i'd lend credence to the hype.


Well... I don't see how e-Gap from Whale could have been susceptible to a
problem as Gauntlet was with the Cyber Patrol as reported in May 2000.


I assume that you mean this problem
http://www.mis-cds.com/news/security/20000522gaunt.html

This is roughly similar to the hypothetical "Where Gap" scenario that I
posted.

The Air Gap is two proxy firewalls separated by the funky switch.  A
vulnerability such as the above critical buffer overflow would allow the
attacker to own the outside of the Air Gap.

The critical factor now is "to what extent does the inside proxy trust the
outside proxy?"  I have not reviewed the technology, but you have.  If we
can satisfactorily resolve this question, then there may yet be a legitimate
basis for claiming that the Air Gap proxy is qualitatively different from
other proxies.

Thanks,
    Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: