Lenny,

A sufficiently skilled attacker with physical access to any computer, including those 
running Windows NT, can do any number of malicious things, some of which are extremely 
hard to detect. That vulnerability applies to any software product installed on the 
platform, and includes firewalls, routers, etc. If that is the threat model, then the 
administrator must provide for the physical security of the NetLOCK Gateway, the 
network behind it, and the devices it is protecting.

The NetLOCK Gateway has been designed to protect against outside network attacks. As 
an IPsec device, it provides authenticated, secure communications with other IPsec 
devices (VPNs, other NetLOCK Agents, etc.) and can be configured to ignore (block) all 
other network traffic.

I am acutely aware that the devil is in the details, of course.



>A software implementation on an ordinary PC seems to make the NetLOCK
>machine an extraordinarily tempting target for a subtle attack, such
>as one that patches the running code to dramatically reduce the
>keyspace used.  May I assume that they have some clever scheme to
>prevent this, or is it just that I misunderstand what they're doing?
