Firewall Wizards mailing list archives

Re: Air Gap info from Whale's founder


From: Rick Smith at Secure Computing <rick_smith () securecomputing com>
Date: Thu, 12 Oct 2000 16:19:40 -0500

At 08:27 PM 10/10/00, Elad Baron wrote:
> As the founder of Whale Communications, and the original architect of the
> e-Gap System, I would like to share with you some of the design
> considerations we had while developing the product.

Very good. Marcus Ranum is probably chuckling about this, because several years back he was in the role I'm playing as skeptic while Earl Boebert explained to the world how great Sidewinder was supposed to be. (It eventually did some of the things Earl said it would, but not nearly everything).

> But before I dive into the technical issues, let me just briefly comment on
> the definition issue that keeps popping up in this discussion. I do not
> believe marketing issues such as names of categories should be a major
> concern in a technical newsgroup as this one ...

That's really up to the moderator. I assume Marcus puts up with it because the marketing terminology really should be consistent with the way a product is discussed in the technical community. If a company's marketing strategy seems to be trying to confuse and trick people, then we have to wonder what they are trying to hide.

For the record, I think 'eGap' is a fine name for the product. I'd like to avoid repeating my earlier complaints against the term "air gap" but will simply refer interested people to earlier discussions on this list.

> but let me assure you that the
> differences from a security standpoint between the e-Gap System and a
> typical (let's say Check Point) firewall are much greater than the
> differences between such a firewall and a router. So if you agree on the
> distinction between the firewall category and the router category, you
> should have no problem accepting the Air Gap category.

Trust me, just about every high end firewall vendor does what you're trying to do: redefine the market categories to make your product sound special. Here at SCC we have Patented Type Enforcement (TM), Checkpoint has Stateful Packet Filtering, CyberGuard has MLS (but call it something else), and I forget what the others have: pH Balanced Gardol with Aloe Vera, perhaps. And some of these differences Really Matter as far as security goes. Rather than going into a PR rant about Sidewinder, let me just say that it's satisfied some extremely picky customers in the security arena.

Let me also comment on the following excerpt:

> ... We are focused only on access from
> the outside to your applications - we do not deal with your internal users'
> traffic to/from the Internet. Your internal users will still browse out
> through an Internet firewall.

This is an incredibly bad approach to network security architecture. You don't put a 3 ton safe door over one entrance to the bank vault and a cheap fire door from Home Depot over the other.

And now, I regret that I have to bow out of this discussion. Perhaps I'll see some of you at NISSC next week.

Rick.
smith () securecomputing com


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

