Firewall Wizards mailing list archives

Re: Is this for real


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Wed, 17 Nov 1999 11:51:14 -0500

On Mon, Nov 15, 1999 at 04:38:48PM +0800, Saravana Ram wrote:
...
> How does a physical separation of the network really help? At the end, if you
> can coerce the outer gatekeeper to pass information through the "gap" (by the
> usual BOF methods etc) you'd still have a security breach. To coerce a
> firewall to pass a packet between two network interfaces on the same PCI bus
> is the same as coercing this Whale setup to write a packet to this scsi disk
> (or logical device).
>
> I don't see the added protection.

I'm not an Eleet Gamer, but I've seen folks play these games where they
have to pass fire, water, spikes, anvils, locked doors, and different
kinds of nasty creatures.  Each one requires a different trick to get
past, and sometimes different tricks at different times.

Similarly, different devices such as these require the crackers to learn
new tricks to get past them.  Or they will just stump the script kiddies.

This device will foil any hacks that depend on packet makeup, because it
will remove the data from the packet, and then deliver it - completely
untouched, as I understand it - in new packets out the other end.
Funny, I thought we already had proxy-based firewalls to do the same.
Perhaps this is primarily for security officers who can understand
mechanical functionality but not logical functionality.  In any case, as
many have said, at this point we can primarily regard it as a new toy to
test, to see whether it actually does add any value.  I don't have one;
so if you do, and can test it and tell us something about it, please do.

;-)

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
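
Added example, not part of the original message or of the product discussed: a minimal Python model of the behaviour described above, where the data is removed from the packet and delivered untouched in new packets. The function names, addresses, option bytes and payload are constructed for illustration, and the relay is a hypothetical stand-in, not the Whale design.

```python
import struct

IPV4_FIXED = "!BBHHHBBH4s4s"   # the 20-byte fixed IPv4 header

def build_ipv4(payload, options=b"", flags_frag=0, ttl=64):
    """Build a minimal IPv4 packet (checksum left at 0; parsing demo only)."""
    assert len(options) % 4 == 0, "IPv4 options are padded to 32-bit words"
    ihl_words = 5 + len(options) // 4
    header = struct.pack(
        IPV4_FIXED,
        (4 << 4) | ihl_words, 0, ihl_words * 4 + len(payload),
        0, flags_frag, ttl, 6, 0,
        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]),  # documentation addresses
    )
    return header + options + payload

def parse_ipv4(packet):
    """Split a packet into the header fields of interest and the payload."""
    ver_ihl, _, total_len, _, flags_frag, ttl, _, _, _, _ = struct.unpack(
        IPV4_FIXED, packet[:20])
    header_len = (ver_ihl & 0x0F) * 4
    return {
        "options": packet[20:header_len],
        "flags_frag": flags_frag,
        "ttl": ttl,
        "payload": packet[header_len:total_len],
    }

def relay_across_gap(packet):
    """Outer side keeps only the payload; inner side emits it in a fresh packet.

    Nothing from the inbound header crosses, so header-level oddities are
    discarded. The payload bytes are forwarded unchanged.
    """
    return build_ipv4(parse_ipv4(packet)["payload"])

# Constructed sample: unusual header fields plus an overlong application field.
SAMPLE_PAYLOAD = b"USER " + b"A" * 300 + b"\r\n"
SAMPLE_INBOUND = build_ipv4(SAMPLE_PAYLOAD, options=b"\x01\x01\x01\x00",
                            flags_frag=0x2001, ttl=1)

if __name__ == "__main__":
    before, after = parse_ipv4(SAMPLE_INBOUND), parse_ipv4(relay_across_gap(SAMPLE_INBOUND))
    for name in ("options", "flags_frag", "ttl"):
        print(f"{name:10} inbound={before[name]!r:22} relayed={after[name]!r}")
    print("payload identical:", before["payload"] == after["payload"])
```

The header fields are reset on the far side while the payload arrives byte for byte, so any check on the content itself still has to happen at the application layer, as it would with a proxy-based firewall.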


