Firewall Wizards mailing list archives
Re: Air gap technologies
From: Crispin Cowan <crispin () wirex com>
Date: Mon, 22 Jan 2001 12:16:49 -0800
Robert Graham wrote:
The two primary differences I read into it were: 1) If you break into the Internet side of the firewall, it is still virtually impossible to compromise the backside of the firewall (it is split into two separate machines that do not communicate together over TCP/IP). 2) By default, its HTTP proxy is a little more strict than your average HTTP proxy, and can therefore help against some data driven attacks.
That's the info I was trying to get from the folks who said that they've inspected the Air Gap system: the swithc does not pass TCP/IP, but does pass something. To what extent does the inside half trust the outside half? What is the protocol(s) passing over the switch? If I hack the outside box, what is to prevent me from, say, dropping malformed "blocks" on the switch and corrupting the inside proxy?
Personally, I feel that the "Air Gap" is a bunch of hot air (Hot Air Gap). If you measure it as a black-box, you see communication go through it. The description of how it stops/starts communication is exactly how you would describe any half-duplex channel. I can't see the difference between this "Air Gap" product than simply connecting two boxes together with unbound TCP/IP stacks using a raw Ethernet protocol (such as the SCSI-over-Ethernet standard :-).
Leading to a fascinating potential for a new open source project with an obvious name: Open Gap :-) Just hook up two Linux/OpenBSD boxen with a SCSI-over-Ether connection and run Squid & friends on either side. Crispin -- Crispin Cowan, Ph.D. Chief Research Scientist, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Air gap technologies, (continued)
- Re: Air gap technologies Paul Cardon (Jan 18)
- RE: Air gap technologies Stiennon,Richard (Jan 16)
- Re: Air gap technologies Crispin Cowan (Jan 18)
- Re: Air gap technologies Frederick M Avolio (Jan 19)
- Re: Air gap technologies Crispin Cowan (Jan 19)
- Re: Air gap technologies Avi Rubin (Jan 19)
- RE: Air gap technologies Robert Graham (Jan 22)
- What is a proxy? Robert Graham (Jan 24)
- RE: What is a proxy? Andreas Haug (Jan 25)
- Re: What is a proxy? Gary Flynn (Jan 25)
- Re: Air gap technologies Crispin Cowan (Jan 24)
- Message not available
- Re: What is a proxy? Marcus J. Ranum (Jan 25)
- Re: Air gap technologies Crispin Cowan (Jan 18)
- Message not available
- pcanywhere encryption hermit1 (Jan 26)
- Re: pcanywhere encryption Crist Clark (Jan 29)
- Re: pcanywhere encryption Randy Witlicki (Jan 29)
- Re: pcanywhere encryption Adam Shostack (Jan 29)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 24)
- Re: Air gap technologies Aleph One (Jan 24)
- Re: Air gap technologies Frederick M Avolio (Jan 24)
- Re: Air gap technologies Crispin Cowan (Jan 24)