> From firewalls-owner @
GreatCircle .
COM Tue Sep 13 05:50:32 1994
> From: sgcccdc @
citec .
qld .
gov .
au (Colin Campbell)
> Subject: Quit now or keep going?
> To: firewalls @
GreatCircle .
COM
> Date: Tue, 13 Sep 94 13:18:13 EST
> X-Mailer: ELM [version 2.3 PL11]
> Content-Length: 790
> Sender: Firewalls-Owner @
GreatCircle .
COM
>
> Greetings!
>
> Should I quit now or keep going? I am in the ignominious position of having to
> implement a firewall to protect several organisations over which I have absolutely
> no control. Let me explain.
>
> Internet
> |
> |
> Firewall
> |
> |
> -----------+------------------
> | Router(s) |
> --+--------+-------+--------+-
> | | | |
> | | | |
> OrgA OrgB OrgC Us
>
> Everybody wants news/mail/mosaic/everything. There is no traffic permitted between
> any two `Org's. We (Us) have access to all `Org's and they to us. We have absolutely
> no control over most of the hosts in any Org. If any one Org gets broken, chances are
> everyone gets broken. All Orgs and Us are `sensitive'.
>
> Anyone got any comments?
>
> Colin
>
>
Hi Colin,
I should say, keep going. Your in a very pleasant position (IMHO) because you
don't have to trust anyone (that's one problem less :-)). Offer you firewall as
a service. Only take responsibility over things you can support with your
firewall. The basic functions of the firewall could be;
1) blocking of services
2) Registration of sessions
3) Autorisation
4) Authentication
All these functions should be policy based by people of the 'Orgs".
You only provide a mechanism to support these policy based decisions!
Every session between 'Us' and the Internet and the other 'Orgs' must be
permitted by the firewall. Every 'Org' should control their own net and THEY
should tell YOU what is allowed and what's not! In this way you are only
responsable for the technical aspect of the firewall and persons of any of the
'Orgs' are responsable for the policy aspects of security.
By using ACL's in the router(s) you can force every session out of any 'Org' to
go through the firewall. Traffic between 'Orgs' can be blocked by the same ACL.
If any one 'Org' is broken, you can offer loggings to prove who or what was
responsable for the incident if the 'attack' came through your firewall. If the
incident was a internal affair of any of the 'Orgs' it should not be your
problem (unless they give you full control over their nets)
Hope this helps,
Just my personal opinion :-)
Rens Schipper
_/_/_/ _/ _/ _/ _/_/ _/_/Rens Schipper EMAIL:rens @
rivm .
nl,bnf @
rivm .
nl
_/ _/ _/ _/ _/ _/ _/_/ _/Network Management and Facilities (BNF)
_/_/_/ _/ _/ _/ _/ _/ _/National Institute Of Public Health And
_/ _/ _/ _/_/ _/ _/Environmental Protection(RIVM), The Netherlands,
_/ _/ _/ _/ _/ _/PO box 1, 3720 BA, BILTHOVEN, tel:3130-743123
|
|
