Information Security News mailing list archives

Re: E-Gap Cuts Off Hacker Access


From: Aleph One <aleph1 () UNDERGROUND ORG>
Date: Thu, 11 Jan 2001 08:30:58 -0800

On Mon, Jan 08, 2001 at 01:56:06PM +0100, Patrick Oonk wrote:
> What it does is ensure that hackers cannot jump from the Internet into a
> company's "back office" -- the internal Web server or computer where it
> stores sensitive information such as a buyer's credit card details.
>
> The system consists of two servers, or computer systems. One is
> connected to the Internet and the other to the back office. A black box
> in the middle contains a memory device toggling between them.
>
> "This eliminates the main way hackers get inside. The main goal is to
> avoid hacking into internal systems," said Whale chief executive Elad Baron.
>
> "We created an air-gap between the two networks. The back office and
> Internet are completely disconnected at all times," he said. "There is a
> safe zone. If the data is OK, then it's passed on to the back office to
> execute the transaction."

What a load of bull. It's sad to see a security company attempt to mislead
consumers by telling them they are selling an 'air gap' in an attempt
to associate the security benefits of one with their product. It reminds
me of the crypto vendors claiming they are selling some type of one-time
pad.

In reality what the E-Gap system does is create a proxy connection between
systems that strips down any network layers under the session layer.
What this means is that if you set up a web server using the E-Gap,
if an intruder were to break into the external E-Gap system he
could not obtain TCP/IP connectivity to the internal web server.
This is certainly not a bad property to have.

Nonetheless the intruder can still access the web server in the
same way as a regular client. Regardless of the switch that they use
to claim that the systems are "completely disconnected at all times"
there still exists a logical connection between the systems. The
intruder can still break into the internal system by using vulnerabilities
above the transport layer (e.g. use whisker against a web server
protected with E-Gap).

What these people completely miss is that the property of an air gap
that makes it secure is not simply that there is no physical connection
between the devices, but that the logical connection between systems in
an air gap is not automated and that for an attacker to operate the logical
connection (walk from one system to the other with a floppy) he needs
to be physically present where the systems are. A remote attacker is
out of luck. While E-Gap can claim that with their device systems are
"completely disconnected at all times" what they fail to realize is
that their switch operates automatically at all times and thus
there is always a logical connection between the systems connected
with their device.

It's not a bad product, but it is no air gap. It's sad to see
a security company continue with these deceptive marketing practices.

--
Aleph One / aleph1 () underground org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

ISN is hosted by SecurityFocus.com
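
Added example, not part of the original post and not E-Gap's own code: a toy Python model of the shuttle described in the message above, showing that the back-end never receives the client's address or port yet still gets the request bytes unchanged, with the switch toggling without an operator. `ToggledMemory`, `relay`, `backend`, the `inspect` hook and the sample request are hypothetical names and constructed data.

```python
from collections import deque

class ToggledMemory:
    """Stand-in for the switched memory: attached to exactly one side at a time."""
    def __init__(self):
        self.side, self.toggles, self._buf = "external", 0, deque()

    def toggle(self):
        self.side = "internal" if self.side == "external" else "external"
        self.toggles += 1

    def write(self, side, data):
        if side != self.side:
            raise RuntimeError(f"memory is not attached to the {side} side")
        self._buf.append(data)

    def read(self, side):
        if side != self.side:
            raise RuntimeError(f"memory is not attached to the {side} side")
        return self._buf.popleft()

def backend(request: bytes) -> dict:
    """Toy back-office application: it only ever sees application-layer bytes."""
    method, target, _ = request.split(b"\r\n", 1)[0].split(b" ", 2)
    return {"method": method, "target": target, "raw": request}

def relay(segment: dict, mem: ToggledMemory, inspect=lambda payload: True):
    """One automated shuttle cycle; no operator is involved at any step."""
    payload = segment["payload"]      # source IP and port are dropped here
    if not inspect(payload):          # "safe zone" check (assumed hook)
        return None
    mem.write("external", payload)
    mem.toggle()                      # the switch flips by itself
    result = backend(mem.read("internal"))
    mem.toggle()                      # back to the external side for the next request
    return result

# Constructed sample input: what the Internet-facing host receives from a client.
SAMPLE = {"src_ip": "192.0.2.10", "src_port": 40000,
          "payload": b"GET /cgi-bin/app?item=CONSTRUCTED-INPUT HTTP/1.0\r\n\r\n"}

if __name__ == "__main__":
    mem = ToggledMemory()
    seen = relay(SAMPLE, mem)
    print("backend saw", seen["target"], "after", mem.toggles, "automatic toggles")
```

The memory is never attached to both sides at once, yet every request completes a full external-to-internal path on its own, so whatever the back-end application does with the request target it does exactly as it would without the device in front of it.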