Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!know!zaphod.mps.ohio-state.edu!wuarchive!rice!rice!sun-spots-request
From: lars@spectrum.cmc.com (Lars Poulsen)
Newsgroups: comp.sys.sun
Subject: Re: Xenophobic TCP gatewaying
Keywords: Miscellaneous
Message-ID: <1990Oct7.223458.27859@rice.edu>
Date: 7 Oct 90 21:30:00 GMT
Sender: sun-spots-request@rice.edu
Organization: Sun-Spots
Lines: 34
Approved: Sun-Spots@rice.edu
Originator: spots@walhalla.rice.edu
X-Sun-Spots-Digest: Volume 9, Issue 321, message 9

In article <1990Sep20.203310.373@rice.edu> turner@ksr.com (James M. Turner) writes:
>We're starting to look at the problem of securing a potential Internet
>gateway.  Basically, the problem can be stated as such:
>
>We want to be able to accept incoming mail and news, and make FTP requests
>and logins to the net.  Other than that, we don't want ANY incoming or
>outgoing traffic allowed.  In addition, we want to have verified and
>absolutely secure versions of the daemons to be the ones we run.  We also
>want to be able to make FTP requests from any machine on the local net,
>but DO NOT want any packet from the outside to be able to pass the gateway
>machine.

We do it in a two-step:
(1) Our connection to the outside world is a non-programmable IP
    router with an ethernet plug on one side, and an X.25 connection
    to the local NSF-regional on the other side.
    This router is told to discard any packets with an ethernet IP
    address other than that of our "logical gateway" (see below).
    In our instance, the physical gateway is our own DRN-3200,
    but many ULANA compliant IP routers have such security filters.
(2) The logical gateway is a Sun 3/50 which does not participate in
    Yellow pages, and does not import any filesystems. It does, however,
    export some file systems, such as /usr/news, RFC repositories,
    etc.
(3) The logical gateway may be trusted by any other hosts on the site.
    The logical gateway may trust any other hosts it cares to.

We believe this to be simpler and safer than putting network connections
on the largest fileserver around, and then trying to secure it.  Since
security and convenience are obviously opposites, each site must make its
own tradeoffs.

/ Lars Poulsen, SMTS Software Engineer
  CMC Rockwell  lars@CMC.COM