Re: [ISN] E-Gap Cuts Off Hacker Access

From: Aleph One <aleph1_at_UNDERGROUND.ORG>
Date: Fri 12 Jan 2001 - 09:48:55 CST

On Fri, Jan 12, 2001 at 08:53:13AM -0500, Ben Rothke wrote:
> Hello,
>
> The air-gap products got a lot of airplay on the firewall-wizards list some
> months back.
>
> Two comments that stand out in reference to the efficacy of air-gap products
> are:
>
> A firewall is a tunnel, an air gap is a tunnel. And a tunnel is a tunnel is
> a tunnel. Giving it another name doesn’t mean it isn’t the same.
>
> and Roger Marquis said so poignantly:  A half-duplex datastream with
> pico-second turnaround, coupled with a micrometer gap between two fiber
> connectors doesn't make a product anymore or less secure than other
> firewalls.

Well the one property that E-Gap does have that regular proxy firewalls
don't is that it is composed of two systems. If the external system gets
compromised it does not immediately mean the internal one will. You may
still find a vulnerability in the internal system via the application layer
(which you can do without breaking into the system) or you may find a
vulnerability in the transport layer that they use to shuffle requests
back and forth between the systems. This obviously depends on the
complexity of the protocol and the quality of its implementation.

With a regular proxy server once you break into it you would normally
find no problem to get at systems behind the proxy. The exception to
this may be systems that implement some type of compartmentalization
in which breaking into the external compartment does not mean getting
access to the internal one. This was mentioned in the firewall-wizards
list by one of the folks at Security Computing.

Of course almost anyone can create their own E-Gap system by connecting
two systems via some type of point-to-point connection such as a serial
cable and writing some simple software to shuttle web requests, mail
messages, or files across the cable via a simple protocol.

> Ben

--
Aleph One / aleph1@underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Sat Jan 13 02:14 CST 2001
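
Added example, not part of the original post and not E-Gap's code: a sketch of the "simple protocol" a home-built two-host shuttle could use, showing the checks the inner host applies to every frame, since that parser is the attack surface the post refers to. The frame layout, type numbers, size limit and function names are all assumptions made for illustration.

```python
import struct
import zlib

# Hypothetical frame layout (an assumption, not E-Gap's format):
#   magic "EG" | type (1 byte) | length (2 bytes, big-endian) | payload | CRC32
MAGIC = b"EG"
HEADER = struct.Struct(">2sBH")
TYPES = {1: "web_request", 2: "mail_message", 3: "file"}  # fixed whitelist
MAX_PAYLOAD = 4096  # hard bound: the outer host cannot make us allocate more


class FrameError(ValueError):
    """Raised by the inner host for any frame it refuses to process."""


def encode_frame(ftype: int, payload: bytes) -> bytes:
    """Outer host: wrap one request for the point-to-point link."""
    if ftype not in TYPES or len(payload) > MAX_PAYLOAD:
        raise FrameError("refusing to send invalid frame")
    body = HEADER.pack(MAGIC, ftype, len(payload)) + payload
    # CRC32 only catches line noise; it does not authenticate the sender.
    return body + struct.pack(">I", zlib.crc32(body))


def decode_frame(buf: bytes):
    """Inner host: validate every field before any application sees the payload.

    Returns (type_name, payload, remaining_bytes) or raises FrameError.
    """
    if len(buf) < HEADER.size:
        raise FrameError("short header")
    magic, ftype, length = HEADER.unpack_from(buf)
    if magic != MAGIC:
        raise FrameError("bad magic")
    if ftype not in TYPES:
        raise FrameError("unknown frame type")
    if length > MAX_PAYLOAD:  # checked before trusting the length for slicing
        raise FrameError("payload too large")
    end = HEADER.size + length
    if len(buf) < end + 4:
        raise FrameError("truncated frame")
    (crc,) = struct.unpack_from(">I", buf, end)
    if crc != zlib.crc32(buf[:end]):
        raise FrameError("checksum mismatch")
    return TYPES[ftype], buf[HEADER.size:end], buf[end + 4:]


if __name__ == "__main__":
    sample = encode_frame(1, b"GET / HTTP/1.0\r\n\r\n")  # constructed sample
    print(decode_frame(sample))
```

The payload still has to be validated by whatever consumes it on the inner host; the framing layer only guarantees that malformed or oversized frames never get that far.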