Firewall Wizards mailing list archives

Re: Air gap technologies

From: Crispin Cowan <crispin () wirex com>
Date: Tue, 23 Jan 2001 15:32:49 -0800

Frederick M Avolio wrote:

At 12:22 PM 1/23/01 -0800, Aleph One wrote:

What I should have said is that these dual-host systems implemented with a
physical air gap and dual-host systems implemented via some other type
of point-to-point connection (such a a serial cable) have the same exact
security properties.


With the added property that the cable is only ever connected to one side
or the other at a time?


The assertion from those of us in the skeptics gallery is that a cable
connected to only one end at a time is equivalent to a veeeerrrrry long cable,
i.e. no significant difference.  We await a cogent explanation of how it is
different, and snipe until we get one :-)

Anyway... I tire of this discussion and I am sort of hoping the moderator
decides to pull the plug. As a friend of mine says, I don't have any dogs
in this fight.


I'm tired of the debate going in circles.  I feel we are close to resolution,
but not there yet, and I'm still inclined to yell "snake oil!" the next time I
see "air gap".  If Marcus cuts us off now, then all the flaming :-) has been
for naught.

I don't want to sound like I am brushing anyone off, but I
am caring less and less whether I convince anyone of my opinion in this.


It's not about opinions, and never was.  I'm very happy to hear that the basic
software engineering on either side of the troublesome gap appears to be good,
but that was always entirely beside the point.

The point is to clearly identify the security value, if any, of the device
being marketed as an "air gap."  If there is value, it is constructive to
understand that value.  If there is not, then Whale is (for good or bad)
apparently selling good software technology glued to a big ol' jug of snake
oil.  I want to know which is the case.

Thanks,
    Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Air gap technologies, (continued)
- - - Re: Air gap technologies Crispin Cowan (Jan 24)
    - Message not available
    - Re: What is a proxy? Marcus J. Ranum (Jan 25)
    - Message not available
    - pcanywhere encryption hermit1 (Jan 26)
    - Re: pcanywhere encryption Crist Clark (Jan 29)
    - Re: pcanywhere encryption Randy Witlicki (Jan 29)
    - Re: pcanywhere encryption Adam Shostack (Jan 29)
    - Re: Air gap technologies Aleph One (Jan 24)
    - Re: Air gap technologies Frederick M Avolio (Jan 24)
    - Re: Air gap technologies Aleph One (Jan 24)
    - Re: Air gap technologies Frederick M Avolio (Jan 24)
    - Re: Air gap technologies Crispin Cowan (Jan 24)
    - Re: Air gap technologies Frederick M Avolio (Jan 25)
    - Re: Air gap technologies Crispin Cowan (Jan 25)
    - Re: Air gap technologies Aleph One (Jan 24)
  - Re: Air gap technologies Eilon Gishri (Jan 18)
  - Re: Air gap technologies Aleph One (Jan 18)
- RE: Air gap technologies Frank Darden (Jan 18)
- RE: Air gap technologies LeGrow, Matt (Jan 18)
- Re: Air gap technologies Frederick M Avolio (Jan 19)
  - Re: Air gap technologies Crispin Cowan (Jan 22)
- RE: Re: Air gap technologies rreiner (Jan 22)

(Thread continues...)