Firewall Wizards mailing list archives

Re: FW: Is this for real (e-Gap from Whale Communications)

From: Rick Smith <rick_smith () securecomputing com>
Date: Thu, 11 Nov 1999 13:55:46 -0600

A problem that didn't get much play in Squire's review...

IMHO the e-gap mechanism shares the same fatal flaw as the competition
(firewalls, guards, etc) -- since it passes data, *and* data today contains
executable logic, then people can always find a way to attack the inside
via hostile logic (macro viruses, malicious applets, whatever). The e-gap
technology doesn't do a thing about any of this itself. In fact, their web
information suggests that they can only address such problems via filtering
installed on the "trusted" side. This gives the site admins one more
package to buy and configure and maintain -- ugh!

I agree with Squire's suggestion that one could build an IP layer across
the air gap, and that would instantly negate all of its claimed security
benefits. I've heard rumors that people have even done IP embedded in SMTP
e-mail, though perhaps that's another security urban legend. If they tried
to do *that* across the old Standard Mail Guard they probably would have
run afoul with latency (an A1-like platform on 68030s -- of *course* it's
slow!).


Rick.
smith () securecomputing com
"Internet Cryptography" at http://www.visi.com/crypto/

Current thread:

RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 10)
- <Possible follow-ups>
- RE: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- FW: Is this for real (e-Gap from Whale Communications) Ogrodnek, Larry (Nov 11)
- Re: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Squire, Jonathan (Nov 11)
- RE: FW: Is this for real (e-Gap from Whale Communications) Frederick M Avolio (Nov 14)
  - RE: FW: Is this for real (e-Gap from Whale Communications) Rick Smith (Nov 14)