Firewall Wizards mailing list archives

Re: Air gap technologies


From: Crispin Cowan <crispin () wirex com>
Date: Mon, 22 Jan 2001 12:16:49 -0800

Robert Graham wrote:

The two primary differences I read into it were:
1) If you break into the Internet side of the firewall, it is still
virtually impossible to compromise the backside of the firewall (it is split
into two separate machines that do not communicate together over TCP/IP).
2) By default, its HTTP proxy is a little more strict than your average HTTP
proxy, and can therefore help against some data driven attacks.

That's the info I was trying to get from the folks who said that they've
inspected the Air Gap system:  the switch does not pass TCP/IP, but does pass
something.  To what extent does the inside half trust the outside half?  What
is the protocol(s) passing over the switch?  If I hack the outside box, what is
to prevent me from, say, dropping malformed "blocks" on the switch and
corrupting the inside proxy?


Personally, I feel that the "Air Gap" is a bunch of hot air (Hot Air Gap).
If you measure it as a black-box, you see communication go through it. The
description of how it stops/starts communication is exactly how you would
describe any half-duplex channel. I can't see the difference between this
"Air Gap" product and simply connecting two boxes together with unbound
TCP/IP stacks using a raw Ethernet protocol (such as the SCSI-over-Ethernet
standard :-).

Leading to a fascinating potential for a new open source project with an
obvious name:  Open Gap :-)  Just hook up two Linux/OpenBSD boxen with a
SCSI-over-Ether connection and run Squid & friends on either side.

Crispin

--
Crispin Cowan, Ph.D.
Chief Research Scientist, WireX Communications, Inc. http://wirex.com
Free Hardened Linux Distribution:                    http://immunix.org

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

