I'm Gary Goldberg, a sysadmin at the U.S. Census
Bureau in DC. My organization (Census) is
working to set up an Internet firewall for the use
of our users. There has been some controversy
over how best to configure things so that our
internal network and all the Title XIII data kept
there is secure, and that we are comfortably safe
from penetration attacks from the Internet, while
still allowing our users a reasonable level of access
to the available outside resources.
Specifically, we have suggested the use of a properly
configured brouter to disallow any connections
from the outside, but allowing a machine on the outside
of our secured network to act as a mail relay host, DNS
server for our top level domain, etc. We'd like to
allow internal users the freedom to telnet, ftp, run
Mosaic etc. from the inside connecting out, while
still maintaining a high degree of security from outside.
There have been some difficulties getting all of our
interested parties (internal Security group,
telecommunications group, etc.) to see eye to eye
on what is required. We feel that it would be useful to
learn how other organizations with similar stringent data
protection requirements have handled this situation.
Particularly we are interested in learning how auditing
is handled, but overall strategies would be useful.
Have other US government agencies dealt with this type
of problem, and do you have any advice for us?
I'd appreciate any help or suggestions you can make - I
can be reached here at og @
net, or you can
reach me at ggoldber @
gov, which gets forwarded
here. For authentication purposes, I'm employed by the
System Support Division of the Census Bureau, an agency of
the U.S. Department of Commerce. My office number is
(301) 763-2706 and the main Census headquarters information
number is (301) 763-1000 or can be obtained from Washington
DC phone books.
- Gary Goldberg
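As an added illustration of the screening-router policy the post proposes (not code from the post or from the Census Bureau), here is a small Python model of the rules: inside hosts may open connections outward, the outside may only reach the bastion's SMTP and DNS, the bastion alone may deliver mail to one internal mail gateway, and everything else inbound is dropped. The address ranges, the bastion and mail-gateway addresses, and the use of the TCP ACK bit to recognise return traffic on a stateless filter are all assumptions made for the example; every decision carries a reason string so it can be written to an audit log.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholder addresses; none of these belong to the Census Bureau.
INTERNAL = ip_network("10.0.0.0/8")          # the secured internal network
BASTION = ip_address("192.0.2.10")           # outside machine: mail relay + DNS
MAIL_GATEWAY = ip_address("10.0.0.25")       # the one inside host the relay may reach

BASTION_SERVICES = {("tcp", 25), ("tcp", 53), ("udp", 53)}  # SMTP and DNS only


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    dport: int
    ack: bool = False   # TCP ACK flag: set on every segment after the opening SYN


def evaluate(pkt: Packet) -> tuple[bool, str]:
    """Return (permit, reason). The reason is what an auditor would log."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    inside_src, inside_dst = src in INTERNAL, dst in INTERNAL

    if inside_src and not inside_dst:
        return True, "outbound from inside (telnet/ftp/Mosaic etc.)"

    if not inside_src and inside_dst:
        if src == BASTION and dst == MAIL_GATEWAY and (pkt.proto, pkt.dport) == ("tcp", 25):
            return True, "relay host delivering mail to the internal gateway"
        if pkt.proto == "tcp" and pkt.ack:
            # Stateless approximation of "established": only the reply half of an
            # inside-initiated connection carries ACK without SYN. A stateful
            # filter that tracks the outbound SYN is the stronger design.
            return True, "return traffic for a connection opened from inside"
        return False, "inbound connection attempt to internal network"

    if not inside_src and dst == BASTION:
        if (pkt.proto, pkt.dport) in BASTION_SERVICES:
            return True, "outside access to bastion mail/DNS service"
        return False, "bastion service not exposed"

    return False, "no matching rule (default deny)"


def allowed(pkt: Packet) -> bool:
    return evaluate(pkt)[0]
```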