Firewall Wizards mailing list archives
Re: Air gap technologies
From: Crispin Cowan <crispin () wirex com>
Date: Fri, 19 Jan 2001 12:34:46 -0800
Frederick M Avolio wrote:
If you can name one fundamental thing the Air Gap can do that a proxy firewall can't, then i'd lend credence to the hype.Well... I don't see how e-Gap from Whale could have been susceptible to a problem as Gauntlet was with the Cyber Patrol as reported in May 2000.
I assume that you mean this problem http://www.mis-cds.com/news/security/20000522gaunt.html This is roughly similar to the hypothetical "Where Gap" scenario that I posted. The Air Gap is two proxy firewalls separated by the funky switch. A vulnerability such as the above critical buffer overflow would allow the attacker to own the outside of the Air Gap. The critical factor now is "to what extent does the inside proxy trust the outside proxy?" I have not reviewed the technology, but you have. If we can satisfactorily resolve this question, then there may yet be a legitimate basis for claiming that the Air Gap proxy is qualitatively different from other proxies. Thanks, Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Air gap technologies, (continued)
- Re: Air gap technologies Frederick M Avolio (Jan 24)
- Re: Air gap technologies Crispin Cowan (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 25)
- Re: Air gap technologies Crispin Cowan (Jan 25)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Crispin Cowan (Jan 22)
- Re: Air gap technologies Aleph One (Jan 25)
- Re: Air gap technologies Eilon Gishri (Jan 24)
- RE: Air gap technologies Marcus J. Ranum (Jan 25)
- Re: Air gap technologies Aleph One (Jan 25)