About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store
InfoWorld HomeNewsTest CenterOpinionsProduct GuideTechIndex
 
 
NEWS

 
e-Gap beta effectively shuttles apps, data

By David Piscitello, For InfoWorld Test Center
March 3, 2000

IN AN AGE OF Web presence, e-commerce, and mobile workforces, enterprises that must allow these types of network access face a unique conundrum: They must permit selected inbound access from the Internet to a company's Web servers, while also allowing customers, business partners, and supply-chain partners to access corporate databases and e-business applications.

   ADVERTISEMENT
  

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Dell

Free IT resource

Try Sun servers, workstations and storage products free for 60-days.

Sponsored by Sun Microsystems

RELATED LINKS
»  Taiwan group expects PRAM chips in three years
»  DRAM price falls 25 percent
»  Sun delivers first UltraSparc T2-based servers
»  Hardware RSS feed 

IDG ENTERPRISE NETWORK
More Desktops News...  (ComputerWorld)
Juniper enhances routers for IP TV  (ComputerWorld)

TOP NEWS 


IT SOLUTION SEARCH
Whether you move the accessible servers to your network's demilitarized zone, punch holes through a firewall, or cascade a firewall to allow inbound access to mission-critical servers, you invariably place your most sensitive data at unacceptable risk of unauthorized access, theft, or destruction.

Security administrators joke that the best way to secure a server is to remove it from a network, and Whale Communications' e-Gap system does just that. It combines physical separation, or "air gap," hardware with file transfer and transaction software that shuttles application data between external networks and internal servers to insulate the internal servers from TCP/IP-and OS-based attacks. In addition, e-Gap can enhance security considerably for businesses that simply cannot put sensitive data at risk.

Because I tested a beta version, it did not receive a score; however, I found the system architecture simple and elegant, and the GUI easy to navigate and use.

The beta version of the e-Gap configuration application still has minor software bugs. On occasion, I had to repeat commands to have them take effect. However, this will most likely be fixed by the time the product ships in March.

Owl Computing Technologies' Secure DTFS provides a similar solution to enable one-way inflow file transfer from external to internal LANs, but does not allow the read/write transactions that e-Gap does.

The standard e-Gap system deployment consists of a nonprogrammable switching device, the e-Gap Appliance, and two Windows NT servers. I connected an NT server located on my "extranet" subnet to the external SCSI interface of my e-Gap Appliance -- a memory bank from which access is governed by an analog switch. I then connected an NT server representing my back-office server to the internal SCSI interface of the e-Gap Appliance. Next I installed Transaction and file transfer software on both servers. These software shuttles transfer application data across the e-Gap Appliance, over virtual connections ("trunks") you construct via the e-Gap software's GUI. In a typical transaction or data transfer, one server writes application data to the memory bank. The e-Gap Appliance disconnects the memory bank from this server upon completion of the write operation and connects to the other server, which then may read the data. No unauthorized data can pass through the air gap, and all data delivered to the internal NT server can be inspected.

To test the e-Gap system, I performed basic Web inquiries and ran SSL (Secure Sockets Layer)-encrypted sessions from my desktop browser to an internal Web server using the Transaction Shuttle. The internal servers are protected from TCP/IP-based attacks because these protocols are not forwarded through the shuttle; so if your external server is being subjected to a denial of service attack, your back-office server would remain immune and would continue to operate. I ran a series of scans and attacks using a commercial network scanner and penetration testing tools and could not access the internal server. For secure transactions, the SSL protocol is shuttled to the internal host, so sensitive data remains encrypted while passing through the external server and are decrypted only when the data is transferred via the e-Gap Appliance to the internal server. The SSL server's private key and any local databases used (such as for authentication) reside safely on the internal host(s) as well.

To test the File Shuttle, I created mirrored directories on both the external and internal servers, and set up a "drop-box." When someone drops a file into the directory on the external server, e-Gap immediately removes it from that directory and shuttles it into the internal directory, where it can be quarantined until it is inspected.

The e-Gap shuttles prevent access to internal servers, but do not prevent malicious code from passing between the external server and the internal server. However, the e-Gap software can be complemented with mobile-code filters, content inspection, and application-specific filters to provide greater security.

The application shuttles are nicely complemented by a real-time monitoring application and helpful logging facilities. IT managers who must maintain stringent access control and integrity policies on mission-critical servers should consider the e-Gap system a complement to conventional extranet and intranet security measures, despite the minor problems I encountered with the user interface.


David Piscitello (dave@corecom.com) is president of Core Competence, a network consulting company.



  BOTTOM LINE
Whale e-Gap system, beta
BUSINESS CASE
Enterprises that must offer business-to-business and business-to-consumer services cannot risk exposing mission-critical servers to external attacks. The e-Gap System adds an attractive layer of security by providing physical separation of internal servers from external networks.

TECHNOLOGY CASE
This hardware/software system insulates internal servers from security attacks using physical separation and application shuttle technology. The additional security measure makes the installation effort worthwhile.

PROS

+ Protects internal host server against TCP/IP and OS-based attacks

+ Protects encryption keys, mission-critical data

+ Application-level content inspection


CONS

- Co-location of external and internal servers required due to e-Gap Appliance's SCSI interface


COST
Starts at $43,000

PLATFORMS
Windows NT 4.0, Service Pack 5

SHIPPING DATE
March 31, 2000

COMPANY
Whale Communications Inc. Fort Lee, N.J. (201) 947-9177; www.whale-com.com


RELATED SUBJECTS

Servers

SPONSORED WHITE PAPERS
EMC - Lower costs and improve reliability-Get the EMC CLARiiON white paper!
Ciphertrust - Are you ready for Sobig.G? Learn how to protect your email systems.
CDW - Personal attention. CDW. The Right Technology. Right Away.
EMC - Explore key performance features and capabilities of EMC ControlCenter 5.1.1.
Intel - Free Intel white paper shows you how to deploy a secure wireless LAN
Cisco - FREE WHITE PAPER: BLUEPRINT to design and implement secure VPNs
Verity, Inc. - "Mass Consolidation Hits the Web-Search Market"
McDATA - Download a FREE storage consolidation white paper from McDATA(R).
Lucent Technologies - Overcoming Common Firewall Limitations
Lucent Technologies - Leverage Your Mobile High Speed Data Access. Download Free White Paper!
Nokia - Get the scoop! Mobilizing business white papers & case studies.
BMC Software - Maximize the Potential of Enterprise Data: Free white paper!
Network Associates - Free white paper - Strategies for Optimizing Network Costs and Benefits
Entrust - Manage identities across applications. Improve productivity.
Stalker Software - CommuniGate Pro - Transform your Email and Calendaring
Remedy - A NEW Gartner Research Note:Producing Quality IT Services

Search the IDG White Paper Library:


SPONSORED LINKS

INFOWORLD MARKETPLACE


» IT Solutions Providers: Make room for more profit.
Find out how Seagate helps you satisfy customer needs and boost profits. Visit Seagate now.
» Find IT Consultant
Post Your Project for Free. Get Bids from Thousands of Pre-Screened Consultants. Register Now!
» Apply BPM and ITIL at your IT Help Desk
ServiceWise brings BPM to complete IT service while eliminating integration cost. Learn more here.
» Register for your FREE Desktop Virtualization kit.
Take command of the desktop with VMware desktop virtualization  Register today for your FREE kit.
» Six Best Practices in Storage Consolidation
Six best practices can ensure the success of your consolidation project. Read this NEW storage ...

 HOME  NEWS  TEST CENTER  OPINIONS  PRODUCT GUIDE  TECHINDEX   About : Advertise : Subscribe : Contact Us : Awards : Events 

Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy

All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services.

Computerworld :: Network World :: CIO :: PC World :: Darwin :: CMO :: CSO
IT Careers :: JavaWorld :: Macworld :: Mac Central :: Playlist :: GamePro :: GameStar :: Gamerhelp
ITWorld Canada :: Computerwoche :: Techworld UK :: tecChannel :: IDG.se :: IDG.no