Information Security News mailing list archives

Re: E-Gap Cuts Off Hacker Access


From: InfoSec News <isn () C4I ORG>
Date: Mon, 29 Jan 2001 00:07:28 -0600

Forwarded by: Joseph Steinberg <joseph () whale-com com>

An intruder cannot access an internal web server in the same way as a
regular client (with a network connection) could as the e-Gap forces
thorough application-level content-inspection of user input to take
place before the data reaches the real web server. Data analysis and
content inspection is all performed on safe internal machines
(protected by the e-Gap), and because networking is not used to
transport data across the e-Gap, the only destination that the
internal system will use for retransmitting data on the internal
network is the pre-defined target machine. As such, data inspection
will occur and cannot be circumvented or tampered with from outside of
the e-Gap. This inspection includes granular analysis of URLs --
including regular expression comparisons -- (to prevent DEBUG features
from being inappropriately utilized, various types of buffer overflow
attacks, incorrectly formatted parameter problems, etc.). E-Gap can
also perform additional security checks (e.g., additional levels of
authentication at the inspection machine before a user is allowed to
even have his/her request on a network wire with the target web
server.)

The e-Gap system is composed of the e-Gap appliance and its associated
software (all the software-based system management and configuration
is done from the internal trusted side).

BTW: It is obviously not practical to build an e-Gap with a serial
cable as today's bandwidth requirements are generally many times
greater than the typical maximum bandwidth of a serial port (115
Kbps). An individual e-Gap system has a bandwidth of almost 1000 times
greater than that of a serial port, and a high-availability e-Gap
system reaches almost 5,000 times the bandwidth.

           _.._
           (_.-.\         Joseph Steinberg
       .-,       `        Director of Technical Services
  .--./ /     _.-""-.     Whale Communications
   '-. (__..-"       \
      \          a    |   joseph () whale-com com
       ',.__.   ,__.-'/   (201) 947-9177 x1511
         '--/_.'----'`    

http://www.whalecommunications.com


Join our complimentary web-based seminar for a technical demo of
Whale's e-Gap solution (<http://www.whalecommunications.com/forum>),
Wednesday, February 14, 2001, 1:00 pm Eastern Time, 12:00 pm Central
Time, 10:00 am Pacific Time.

Visit us at SANS New Orleans (<http://www.sans.org/>) at Booth 19,
Jan. 30-31, and receive your free gift!

See us at CeBit 2001, Hannover (<http://www.cebit.de/>), Israel
National Pavilion, Hall 4, Mar 22-28.



On Fri, Jan 12, 2001 at 08:53:13AM -0500, Ben Rothke wrote:
Hello,

The air-gap products got a lot of airplay on the 
firewall-wizards list some months back.

Two comments that stand out in reference to the efficacy 
of air-gap products are:

A firewall is a tunnel, an air gap is a tunnel. And a 
tunnel is a tunnel is a tunnel. Giving it another name doesn't 
mean it isn't the same.

and Roger Marquis said so poignantly:  A half-duplex datastream 
with pico-second turnaround, coupled with a micrometer gap between 
two fiber connectors doesn't make a product anymore or less secure 
than other firewalls.

Well, the one property that E-Gap does have that regular proxy
firewalls don't is that it is composed of two systems. If the
external system gets compromised, it does not immediately mean
the internal one will. You may still find a vulnerability in the
internal system via the application layer (which you can do
without breaking into the system) or you may find a vulnerability
in the transport layer that they use to shuffle requests back and
forth between the systems. This obviously depends on the
complexity of the protocol and the quality of its implementation.
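The application-level inspection the forwarded message describes (allow-listed URL patterns, per-parameter regular expressions, length limits, and a pre-defined forwarding target that the client cannot choose), as an added Python example; it is not part of the original post or of Whale's product, and the host, port, paths and patterns are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed policy for the inspection hop. Only requests whose path matches an
# allow-listed pattern, and whose every parameter matches its own pattern, are
# forwarded; everything else is dropped before it reaches the real web server.
FORWARD_TARGET = ("intranet-web.example.internal", 80)  # hypothetical fixed target

ALLOWED_METHODS = {"GET", "POST"}   # rejects DEBUG, TRACE and other unexpected verbs
MAX_URL_LEN = 2048                  # overlong URLs are a classic overflow vector
MAX_PARAM_LEN = 256

# (path pattern, {parameter name: value pattern}); parameters not listed are rejected.
PATH_RULES = [
    (re.compile(r"/catalog/item"), {"id": re.compile(r"[0-9]{1,9}")}),
    (re.compile(r"/search"), {"q": re.compile(r"[A-Za-z0-9 ]{1,64}")}),
    (re.compile(r"/static/[A-Za-z0-9_-]+\.(css|js|png)"), {}),
]


def inspect_request(method, url):
    """Return (allowed, reason); runs on the trusted inspection host."""
    if method.upper() not in ALLOWED_METHODS:
        return False, "method not allowed"
    if len(url) > MAX_URL_LEN:
        return False, "url too long"
    parts = urlsplit(url)
    # The destination is FORWARD_TARGET; a client-supplied host is never honoured.
    if parts.scheme or parts.netloc:
        return False, "absolute url rejected"
    if "%" in parts.path or ".." in parts.path:
        return False, "encoded or traversal path"
    rule = next((p for pat, p in PATH_RULES if pat.fullmatch(parts.path)), None)
    if rule is None:
        return False, "path not allow-listed"
    # parse_qsl percent-decodes values, so the patterns see the real parameter text.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if len(value) > MAX_PARAM_LEN:
            return False, "parameter too long: " + name
        pat = rule.get(name)
        if pat is None:
            return False, "unexpected parameter: " + name
        if not pat.fullmatch(value):
            return False, "malformed parameter: " + name
    return True, "forward to %s:%d" % FORWARD_TARGET
```

Because `fullmatch` is used, a value such as `42\n` does not slip past the digit pattern the way an `$`-anchored `match` would allow.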

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
