Re: [ISN] E-Gap Cuts Off Hacker Access

From: Ben Rothke (ben.rothkebaltimore.com)
Date: Fri Jan 12 2001 - 07:53:13 CST


Hello,

The air-gap products got a lot of airplay on the firewall-wizards list some
months back.

Two comments that stand out in reference to the efficacy of air-gap products
are:

A firewall is a tunnel, an air gap is a tunnel. And a tunnel is a tunnel is
a tunnel. Giving it another name doesn’t mean it isn’t the same.

and Roger Marquis said so poignantly: A half-duplex datastream with
pico-second turnaround, coupled with a micrometer gap between two fiber
connectors doesn't make a product any more or less secure than other
firewalls.

Ben

Ben Rothke, CISSP
Senior Security Consultant
Baltimore Technologies
ben.rothkebaltimore.com

-----Original Message-----
From: ISN Mailing List [mailto:ISNSECURITYFOCUS.COM]On Behalf Of Aleph One
Sent: Thursday, January 11, 2001 11:31 AM
To: ISNSECURITYFOCUS.COM
Subject: Re: [ISN] E-Gap Cuts Off Hacker Access

On Mon, Jan 08, 2001 at 01:56:06PM +0100, Patrick Oonk wrote:
> What it does is ensure that hackers cannot jump from the Internet into a
> company's "back office" -- the internal Web server or computer where it
> stores sensitive information such as a buyer's credit card details.
>
> The system consists of two servers, or computer systems. One is
> connected to the Internet and the other to
> the back office. A black box in the middle contains a memory device
> toggling between them.
>
> "This eliminates the main way hackers get inside. The main goal is to
> avoid hacking into internal systems," said Whale chief executive Elad
> Baron.
>
> "We created an air-gap between the two networks. The back office and
> Internet are completely disconnected at all times," he said. "There is a
> safe zone. If the data is OK, then it's passed on to the back office to
> execute the transaction."

What a load of bull. It's sad to see a security company attempt to mislead
consumers by telling them they are selling an 'air gap' in an attempt
to associate the security benefits of one with their product. It reminds
me of the crypto vendors claiming they are selling some type of one-time
pad.

In reality what the E-Gap system does is create a proxy connection between
systems that strips down any network layers under the session layer.
What this means is that if you set up a web server using the E-Gap,
if an intruder were to break into the external E-Gap system he
could not obtain TCP/IP connectivity to the internal web server.
This is certainly not a bad property to have.

Nonetheless the intruder can still access the web server in the
same way as a regular client. Regardless of the switch that they use
to claim that the systems are "completely disconnected at all times"
there still exists a logical connection between the systems. The
intruder can still break into the internal system by using vulnerabilities
above the transport layer (e.g. use whisker against a web server
protected with E-Gap).

What these people completely miss is that the property of an air gap
that makes it secure is not simply that there is no physical connection
between the devices, but that the logical connection between systems in
an air gap is not automated and that for an attacker to operate the logical
connection (walk from one system to the other with a floppy) he needs
to be physically present where the systems are. A remote attacker is
out of luck. While E-Gap can claim that with their device systems are
"completely disconnected at all times" what they fail to realize is
that their switch operates automatically at all times and thus
there is always a logical connection between the systems connected
with their device.

It's not a bad product, but it is no air gap. It's sad to see a
security company continue with these deceptive marketing practices.

--
Aleph One / aleph1underground.org
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".
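
The distinction drawn in the quoted message between a physical disconnect and an automated logical connection can be modelled in a few lines. This is an added example, not part of the original thread and not Whale's actual design; the class and function names, the address and the request are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    """What arrives at the external host: network headers plus application data."""
    src_ip: str
    src_port: int
    payload: bytes

class SwitchedMemory:
    """Toy stand-in for the 'black box': attached to exactly one side at a time."""
    def __init__(self):
        self.attached_to = "external"
        self._cell = None

    def write(self, side, data):
        if side != self.attached_to:
            raise PermissionError(f"{side} side is disconnected")
        self._cell = data

    def read(self, side):
        if side != self.attached_to:
            raise PermissionError(f"{side} side is disconnected")
        data, self._cell = self._cell, None
        return data

    def toggle(self):
        # Runs automatically on every transfer; no operator is involved.
        self.attached_to = "internal" if self.attached_to == "external" else "external"

def backend_request_line(request: bytes) -> str:
    """Internal web server: parses whatever application data it is handed."""
    return request.split(b"\r\n", 1)[0].decode("ascii")

def relay(packet: Packet) -> dict:
    box = SwitchedMemory()
    box.write("external", packet.payload)  # IP/TCP headers are dropped here
    box.toggle()
    received = box.read("internal")
    return {
        "headers_crossed": packet.src_ip.encode() in received,
        "request_line": backend_request_line(received),
    }

# Constructed sample: documentation-range address, made-up CGI path.
SAMPLE = Packet("203.0.113.7", 40312,
                b"GET /cgi-bin/example.cgi?id=1 HTTP/1.0\r\nHost: shop.example\r\n\r\n")

if __name__ == "__main__":
    print(relay(SAMPLE))
```

The memory is never attached to both sides and no network header crosses, yet the request reaches the internal server byte for byte, so that server still needs the same patching and input validation as any Internet-facing one.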
