Firewall Wizards mailing list archives
Re: Air gap technologies
From: Crispin Cowan <crispin () wirex com>
Date: Tue, 23 Jan 2001 15:32:49 -0800
Frederick M Avolio wrote:
At 12:22 PM 1/23/01 -0800, Aleph One wrote:What I should have said is that these dual-host systems implemented with a physical air gap and dual-host systems implemented via some other type of point-to-point connection (such a a serial cable) have the same exact security properties.With the added property that the cable is only ever connected to one side or the other at a time?
The assertion from those of us in the skeptics gallery is that a cable connected to only one end at a time is equivalent to a veeeerrrrry long cable, i.e. no significant difference. We await a cogent explanation of how it is different, and snipe until we get one :-)
Anyway... I tire of this discussion and I am sort of hoping the moderator decides to pull the plug. As a friend of mine says, I don't have any dogs in this fight.
I'm tired of the debate going in circles. I feel we are close to resolution, but not there yet, and I'm still inclined to yell "snake oil!" the next time I see "air gap". If Marcus cuts us off now, then all the flaming :-) has been for naught.
I don't want to sound like I am brushing anyone off, but I am caring less and less whether I convince anyone of my opinion in this.
It's not about opinions, and never was. I'm very happy to hear that the basic software engineering on either side of the troublesome gap appears to be good, but that was always entirely beside the point. The point is to clearly identify the security value, if any, of the device being marketed as an "air gap." If there is value, it is constructive to understand that value. If there is not, then Whale is (for good or bad) apparently selling good software technology glued to a big ol' jug of snake oil. I want to know which is the case. Thanks, Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Air gap technologies, (continued)
- Re: Air gap technologies Crispin Cowan (Jan 24)
- Message not available
- Re: What is a proxy? Marcus J. Ranum (Jan 25)
- Message not available
- pcanywhere encryption hermit1 (Jan 26)
- Re: pcanywhere encryption Crist Clark (Jan 29)
- Re: pcanywhere encryption Randy Witlicki (Jan 29)
- Re: pcanywhere encryption Adam Shostack (Jan 29)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 24)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 24)
- Re: Air gap technologies Crispin Cowan (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 25)
- Re: Air gap technologies Crispin Cowan (Jan 25)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Crispin Cowan (Jan 22)