(This is a repost from a message I just posted to [EMAIL PROTECTED])

(Disclaimer: This is based on a quick cursory reading of their
 website content, I might be way off here)

The way I see it, Whale Communications have simply separated the 
two halves of an application level gateway (or "transparent proxy")
by storing the application level data on a SCSI device
that both halves have access to via separate SCSI cables.

This should indeed guard against any and all TCP/IP level attacks,
and hopefully guard against the inner half being compromised as
a result of the outer one being compromised. The latter depends
on how well written their code is (I'm thinking buffer overruns
in their "packets" that get passed from the outer half to the
inner half.)

What it DOES NOT automatically guard against is, for instance, 
virii transmitted by email (in the case of the email gateway) 
or poorly written CGIs on internal web servers (in the case
of the HTTP gateway)

I'd imagine the old use-phf-to-show-the-passwd-file vulnerability
will work just fine through the e-gap unless it explicitly knows
about it and blocks it. All other scripting problems probably 
apply as well.
Basic point:
If you put format.exe in your IIS /scripts directory and let
outside people access it, through an e-gap or not, you're toast.
(NO I do NOT want wise ass comments saying "No it won't, you have 
to pass arguments to it".. Bleurghl. You're missing the point.)

IMNSHO, this makes e-gap just about as effective as your basic 
proxy firewall, albeit with the added protection that complete
firewall compromise (outer AND inner half) is not as likely as 
with normal firewalls. (Still feasible though).

/Mike



Frederick M Avolio wrote:
> 
> At 11:07 AM 11/9/99 -0800, Jesus Gonzalez wrote:
> >Is anyone familiar with Whale Communications' Air Gap technology?
> >www.whalecommunications.com
> >They claim that there is no physical connections, no IP, yet e-commerce
> >applications can access the 'back office' in real time.  I don't see how
> >that's possible if there is no physical connection.
> 
> I'm familiar with it. I did a product review for them of their e-Gap (TM)
> system and have provided consulting services for them. They use a really
> fast, toggling memory device. They demonstrated this at The Internet
> Security Conference in Boston. They were also handing out a technical white
> paper I wrote.
> 
> I think it is quite elegant and simple a solution. It seems to be fast
> enough and at any instant in time there is a probable disconnect between
> the networks (really two different machines on two different networks).
> Their web page has more information than you seem to have, so perhaps you
> didn't dig down enough. Go to their home page
> (http://www.whalecommunications.com/) and click on Air Gap Technology.
> 
> (This is not a firewall product, though can be used with firewalls.
> Prolonged discussion maybe should be taken off list or with Whale.)
> 

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50           Fax: +46-(0)660-122 50
Mobile: +46-(0)70-248 00 33
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
