Security News > 2001 > January > Re: E-Gap Cuts Off Hacker Access

Forwarded by: Joseph Steinberg

An intruder cannot access an internal web server in the same way as a regular client (with a network connection) could as the e-Gap forces thorough application-level content-inspection of user input to take place before the data reaches the real web server. Data analysis and content inspection is all performed on safe internal machines (protected by the e-Gap), and because networking is not used to transport data across the e-Gap, the only destination that the internal system will use for retransmitting data on the internal network is the pre-defined target machine. As such, data inspection will occur and cannot be circumvented or tampered with from outside of the e-Gap.

This inspection includes granular analysis of URLs -- including regular expression comparisons -- (to prevent DEBUG features from being inappropriately utilized, various types of buffer overflow attacks, incorrectly formatted parameter problems, etc.). E-Gap can also perform additional security checks (e.g., additional levels of authentication at the inspection machine before a user is allowed to even have his/her request on a network wire with the target web server).

The e-Gap system is composed of the e-Gap appliance and its associated software (all the software-based system management and configuration is done from the internal trusted side).

BTW: It is obviously not practical to build an e-Gap with a serial cable as today's bandwidth requirements are generally many times greater than the typical maximum bandwidth of a serial port (115 Kbps). An individual e-Gap system has a bandwidth of almost 1000 times greater than that of a serial port, and a high-availability e-Gap system reaches almost 5,000 times the bandwidth.

Joseph Steinberg
Director of Technical Services
Whale Communications
joseph () whale-com com
(201) 947-9177 x1511

Join our complimentary web-based seminar for a technical demo of Whale's e-Gap solution, Wednesday, February 14, 2001, 1:00 pm Eastern Time, 12:00 pm Central Time, 10:00 am Pacific Time. Visit us at SANS New Orleans at Booth 19, Jan. 30-31, and receive your free gift! See us at CeBit 2001, Hannover, Israel National Pavilion, Hall 4, Mar 22-28.
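The kind of URL inspection the message above describes (regular expression comparisons, rejection of debug switches, oversized input and badly formatted parameters), sketched as an added example that is not part of the original message and is not Whale's code. The paths, parameter names, limits and the `inspect` function are all hypothetical, chosen for a constructed application.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed allow-list policy for a hypothetical application (not e-Gap's rule format).
MAX_URL_LEN = 512
POLICY = {
    # path regex -> {parameter name: regex the decoded value must fully match}
    re.compile(r"/catalog/item"): {"id": re.compile(r"\d{1,8}")},
    re.compile(r"/search"): {"q": re.compile(r"[\w .-]{1,64}", re.ASCII),
                             "page": re.compile(r"\d{1,4}")},
}

def inspect(url):
    """Return (allowed, reason) for one request URL under POLICY."""
    if len(url) > MAX_URL_LEN:                      # oversized input is refused outright
        return False, "url too long"
    if "%00" in url or not url.isascii() or any(ord(c) < 0x21 for c in url):
        return False, "illegal characters"
    try:
        parts = urlsplit(url)
        pairs = (parse_qsl(parts.query, keep_blank_values=True, strict_parsing=True)
                 if parts.query else [])
    except ValueError:                              # e.g. a field with no '='
        return False, "malformed url"
    if parts.scheme or parts.netloc:                # only origin-form paths are accepted
        return False, "absolute url not accepted"
    rules = next((r for p, r in POLICY.items() if p.fullmatch(parts.path)), None)
    if rules is None:                               # anything not listed is denied
        return False, "path not in policy"
    seen = set()
    for name, value in pairs:
        if name not in rules:                       # catches debug-style switches
            return False, f"unexpected parameter {name!r}"
        if name in seen:
            return False, f"repeated parameter {name!r}"
        seen.add(name)
        if not rules[name].fullmatch(value):
            return False, f"bad value for {name!r}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests.
    for u in ["/catalog/item?id=42", "/catalog/item?id=42&debug=1",
              "/search?q=" + "A" * 4000, "/admin/debug.asp"]:
        print(inspect(u), u[:40])
```

Because the policy lists what is allowed rather than what is forbidden, a request is forwarded only when its path, parameter names and every decoded value all match; everything else is dropped before it reaches the target server.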