Firewall Wizards mailing list archives

Re: Air gap technologies


From: Aleph One <aleph1 () underground org>
Date: Thu, 25 Jan 2001 16:13:34 -0800

I forgot to add something to my last message. I apologize for replying
to my own message. I know it's in bad form.

It should also be noted that these dual-host proxies are nothing new.
In fact, Bill Cheswick described just such a setup as being used at
AT&T Bell Labs in his "The Design of a Secure Internet Gateway" paper.
http://www.ja.net/CERT/Cheswick/gateway.html

Quoting from his abstract: 

        "This paper describes our Internet gateway. It is an application-level
        gateway that passes mail and many of the common Internet services 
        between our internal machines and the Internet. This is accomplished 
        without IP connectivity using a pair of machines: a trusted internal 
        machine and an untrusted external gateway. These are connected by
        a private link. The internal machine provides a few carefully-guarded 
        services to the external gateway. This configuration helps protect the 
        internal internet even if the external machine is fully compromised."

Sounds familiar, doesn't it?

-- 
Aleph One / aleph1 () underground org
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 