Firewall Wizards mailing list archives
Re: FW: Is this for real (e-Gap from Whale Communications)
From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 11 Nov 1999 13:55:46 -0600
A problem that didn't get much play in Squire's review... IMHO the e-gap mechanism shares the same fatal flaw as the competition (firewalls, guards, etc) -- since it passes data, *and* data today contains executable logic, then people can always find a way to attack the inside via hostile logic (macro viruses, malicious applets, whatever). The e-gap technology doesn't do a thing about any of this itself. In fact, their web information suggests that they can only address such problems via filtering installed on the "trusted" side. This gives the site admins one more package to buy and configure and maintain -- ugh! I agree with Squire's suggestion that one could build an IP layer across the air gap, and that would instantly negate all of its claimed security benefits. I've heard rumors that people have even done IP embedded in SMTP e-mail, though perhaps that's another security urban legend. If they tried to do *that* across the old Standard Mail Guard they probably would have run afoul with latency (an A1-like platform on 68030s -- of *course* it's slow!). Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 10)
- <Possible follow-ups>
- RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- FW: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- Re: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Squire, Jonathan (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Frederick M Avolio (Nov 14)
- RE: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 14)