Firewalls: Bastions

Firewalls
(August 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Bastions
From:	padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date:	Wed, 3 Aug 94 12:14:12 -0400
To:	"firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

Jack rites:	
>Suppose instead that a bastion host outside the screening router
>handled only external traffic, like email, logins from remote sites and
>ftp, but had no NFS or other direct access through the screening
>router? 

Then it would not exactly be a Bastion either in the dictionary sense
("an angular projection from a wall affording a crossfire on attackers")
or in the firewall sense (C&B pg 51 "an exposed gateway machine"), rather 
this would be more of an "exposed repository" (sure there must be a better 
word but do not have all of my resources handy) "vestibule" or "airlock"
maybe ? Would not even have to be co-located, any service provider could
well offer this function.

Possibly splitting heirs (Aspin) but we mis-communicate so often that it
is important to keep the terms straight.
						warmly,
							Padgett

Follow-Ups:

Re: Bastions
From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)

Indexed By Date	Previous:	Re: spotting PROMISC on Solaris From: Geoff Mulligan <mulligan @ future . Eng . Sun . COM>
Indexed By Date	Next:	Contact info for SRI intrusion detection workshops? From: Brent Chapman <brent @ mycroft . GreatCircle . COM>
Indexed By Thread	Previous:	Re: FAQ or Introductory Documents From: Marcus J Ranum <mjr @ tis . com>
Indexed By Thread	Next:	Re: Bastions From: paul @ hawksbill . sprintmrn . com (Paul Ferguson)