Firewall Wizards: Re: Air Gap technology

Re: Air Gap technology

From: Rick Smith <rick_smith_at_securecomputing.com>
Date: Mon, 02 Oct 2000 17:25:49 -0500

At 03:06 PM 9/29/00, rreiner_at_fscinternet.com wrote:

>The point is that any traditional application proxy firewall,
>architected as software running atop a general-purpose operating
>system, has failure modes in which L2 or L3 isolation fails and the
>device passes L2 or L3 traffic, effectively becoming a bridge or a
>router -- the software can have a bug, the administrator can make a
>mistake, or the device can be subverted through a buffer overflow,
>format-string overflow, etc.

Hear, hear. That's why Sidewinder doesn't sit atop a COTS operating system,
and relies on mandatory access control (MAC) mechanisms. However,
Sidewinder's lack of dominance in the firewalls market might suggest that
something more than security is on many customers' minds.

>Technologies such as Whale's eGap don't have this easily-reachable
>failure mode. If there actually is a failure mode in which the eGap
>device is so compromised that it begins to operate as a bridge or
>router -- quite unlikely, since it would require some pretty fancy
>footwork to pass Ethernet frames or IP datagrams over a solid state
>SCSI disk -- any such is certainly in a much more remote region of the
>total state space of the device than the analogous failure is in the
>state space of a conventional application proxy firewall.

One could say the same for firewalls that use various flavors of MAC. There
is no straight line from one network interface to the other at either the
hardware or software level. The only difference might be performance -- you
don't have to do as much data copying in a MAC implementation.

>That's not a difference in functionality, it's a difference in the
>level of assurance available that the functionality will robustly
>continue to be what is desired and expected, under a wide range of
>conditions.
>
>In short, a well-designed air gap device can provide higher assurance
>than is possible with an application proxy implemented in software on a
>general-purpose computer running a general-purpose OS.

A piece of information that's not clear from the e-gap information I saw --
what is the software environment of the e-gap product itself? It appears to
have three software domains: the inside, the outside, and the SCSI shared
RAM. Is there a "conventional OS" in any of those environments? If so, then
you've thrown away much of the assurance argument. I wouldn't want to put
such a thing up against a competent red team.

Rick.
smith_at_securecomputing.com

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards_at_nfr.net
http://www.nfr.net/mailman/listinfo/firewall-wizards
Received on Oct 03 2000
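An added check, not part of Rick Smith's post or the thread it replies to: the failure mode quoted at the top of the message is a proxy host whose L2 or L3 isolation quietly fails so that it starts bridging or routing between its interfaces. On a Linux-based proxy host the two cheapest symptoms of that are kernel IP forwarding being switched on and a bridge device joining the NICs. The script below audits both. It assumes the Linux /proc/sys and /sys/class/net layout; the optional root-directory argument is an assumption added here so the function can be pointed at a copied or constructed tree, and is not a kernel or sysctl interface.

```sh
#!/bin/sh
# Added example (not from the firewall-wizards post): audit a Linux
# application-proxy host for the "it became a router or bridge" failure
# mode discussed in the thread. Assumes the Linux /proc/sys and
# /sys/class/net layout. ROOT (optional, an assumption of this example)
# prefixes those paths so a copied or constructed tree can be audited.

# audit_isolation [ROOT]
# Prints each finding; returns 0 if no L2/L3 forwarding path was found,
# 1 otherwise.
audit_isolation() {
    root="${1:-}"
    rc=0

    # L3 failure mode: kernel IP forwarding enabled. A bug, an admin
    # mistake, or an attacker who got root after a proxy overflow can
    # flip this and the host routes between its interfaces.
    for f in net/ipv4/ip_forward net/ipv6/conf/all/forwarding; do
        p="$root/proc/sys/$f"
        if [ -r "$p" ] && [ "$(cat "$p")" != "0" ]; then
            echo "FAIL: $f is enabled (host can route between interfaces)"
            rc=1
        fi
    done

    # L2 failure mode: a bridge device joining the inside and outside
    # NICs. The kernel exposes a bridge/ directory under each bridge's
    # sysfs entry.
    for d in "$root"/sys/class/net/*; do
        [ -d "$d/bridge" ] || continue
        echo "FAIL: $(basename "$d") is a bridge (host can pass Ethernet frames)"
        rc=1
    done

    if [ "$rc" -eq 0 ]; then
        echo "OK: no L2/L3 forwarding path found"
    fi
    return "$rc"
}

# Usage on a live host (needs read access to /proc and /sys):
#   . ./audit_isolation.sh && audit_isolation
```

Run it on the proxy host itself with no argument; a non-zero exit means the host has at least one of the forwarding paths the message argues a proxy firewall should never have. It is a point-in-time check, so it belongs in a periodic integrity job, not a one-off, since the whole argument of the thread is that a general-purpose OS can drift into this state after deployment.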
