Jesus Gonzalez wrote:
>
> My guess is that there is a shared disk subsystem between the servers
> and the back office? Is this correct? If so, then doesn't that still make
> a physical connection?
I thought so too but further review indicates it's a shared
memory device with SCSI interfaces. I'd thought the
"air gap" could have been the cushion of air the disk
heads ride on but I guess it's a "virtual gap". :)
They also say there is
"- No TCP/IP
- No network protocols
- No physical connection
- No Operating System"
and that they support
"- Secure URL Shuttle
- Secure File Shuttle
- Secure Mail Shuttle "
One wonders how one supports those without an operating
system or TCP/IP. :)
They would be better off saying the two endpoints aren't
connected by tcp, protocols, and physical connections and
leave out the OS. This would also make it clear that they
don't have a magic box that can talk to the Internet
without TCP, protocols, connections, or OS. But then that
might confuse some decision makers :)
Hmmm. "physical connections" doesn't necessarily imply
a traditional, wired communications channel like
ethernet, RS232, ATM, etc. If the box has a wire on
one side and a wire on the other side, it would
seem to me that the organization has a "physical connection"
to the Internet. Oh well.
They claim they don't run an OS because it's dedicated
"nonprogrammable" controller software. I guess embedded
software isn't considered an OS anymore and isn't subject
to bugs.
If I were to hazard a guess, I'd say they're assembling simple
files (ftp/mail/url) and writing them to memory on one side
and then a second processor (which one assumes also runs an OS and
TCP to communicate to the inside machines :) pulls it from memory
and forwards it. If it's not doing it in "whole files" but only packet
transactions, I'm going to have to think a bit about
the difference between shuttling request/response packets
in SCSI memory and request/response packets in an application
firewall's memory buffers. I guess the main thing that
comes to mind is the separate processors.
Of course if the file contains a virus, bug exploiting
the application like the plethora of IE bugs out lately,
or executable content, all bets are off.
As far as susceptibility to protocol errors, I guess it boils
down to the granularity of what gets passed through the SCSI
memory...packets, transactions, files, or what. The lower
the granularity, the more the device looks to me like
an application firewall.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]