Firewall Wizards mailing list archives
Re: Air Gap info from Whale's founder
From: Rick Smith at Secure Computing <rick_smith () securecomputing com>
Date: Thu, 12 Oct 2000 16:19:40 -0500
At 08:27 PM 10/10/00, Elad Baron wrote:
As the founder of Whale Communications, and the original architect of the e-Gap System, I would like to share with you some of the design considerations we had while developing the product.
Very good. Marcus Ranum is probably chuckling about this, because several years back he was in the role I'm playing as skeptic while Earl Boebert explained to the world how great Sidewinder was supposed to be. (It eventually did some of the things Earl said it would, but not nearly everything).
But before I dive into the technical issues, let me just briefly comment on the definition issue that keeps popping up in this discussion. I do not believe marketing issues such as names of categories should be a major concern in a technical newsgroup as this one ...
That's really up to the moderator. I assume Marcus puts up with it because the marketing terminology really should be consistent with the way a product is discussed in the technical community. If a company's marketing strategy seems to be trying to confuse and trick people, then we have to wonder what they are trying to hide.
For the record, I think 'eGap' is a fine name for the product. I'd like to avoid repeating my eariler complaints against the term "air gap" but will simply refer interested people to earlier discussions on this list.
but let me assure you that the differences from a security standpoint between the e-Gap System and a typical (lets say Check Point) firewall are much greater than the differences between such a firewall and a router. So if you agree on the distinction between the firewall category and the router category, you should have no problem accepting the Air Gap category.
Trust me, just about every high end firewall vendor does what you're trying to do: redefine the market categories to make your product sound special. Here at SCC we have Patented Type Enforcement (TM), Checkpoint has Stateful Packet Filtering, CyberGuard has MLS (but call it something else), and I forget what the others have: pH Balanced Gardol with Aloe Vera, perhaps. And some of these differences Really Matter as far as security goes. Rather than going into a PR rant about Sidewinder, let me just say that it's satisfied some extremely picky customers in the security arena.
Let me also comment on the following excerpt:
... We are focused only on access from the outside to your applications - we do not deal with your internal users' traffic to/from the Internet. Your internal users will still browse out through an Internet firewall.
This is an incredibly bad approach to network security architecture. You don't put a 3 ton safe door over one entrance to the bank vault and a cheap fire door from Home Depot over the other.
And now, I regret that I have to bow out of this discussion. Perhaps I'll see some of you at NISSC next week.
Rick. smith () securecomputing com _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr net http://www.nfr.net/mailman/listinfo/firewall-wizards
Current thread:
- Air Gap info from Whale's founder Elad Baron (Oct 11)
- Re: Air Gap info from Whale's founder Rick Smith at Secure Computing (Oct 14)
- Re: Air Gap info from Whale's founder Frederick M Avolio (Oct 16)
- <Possible follow-ups>
- Air Gap info from Whale's founder Paz (Oct 12)
- Re: Air Gap info from Whale's founder Rick Smith at Secure Computing (Oct 14)