I like _most_ of your text but there is, IMHO, a need for a little
generalization of one thing you said. You talk about a firewall as being a
barrier between an organization's network and the Internet. I believe a
firewall should be described as providing a barrier between a trusted
network and an untrusted network. Firewalls need not necessarily have the
Internet on one side.

**** cjolley @ net <Carl Jolley>
**** All opinions are my own and not necessarily those of my employer ****

On Thu, 26 Jan 1995, Dave Crocker wrote:
> At 1:09 PM 1/26/95, smb @
> >We defined a firewall as a collection of components placed between two
> >networks that collectively have the following properties:
>
> Steve (et al),
>
> I think that your book uses the right words, first in the brief
> definition, which does refer to "collection of components" (p.9) rather
> than a "box" or somesuch. And then with the list of 3 categories of
> function on p. 51.
>
> I'm looking for a few sentences or two that we, the Internet
> technical community, can try to propagate particularly among reporters.
> Most people think of a firewall as a box. Yet the dual-router, plus proxy
> servers and gateways model that some of us think is often required is quite
> a bit more elaborate than a single box. Frankly, I would like to bias
> people's thinking to START with the idea of multiple boxes.
>
> How about an amalgamation and derivation of your texts:
>
>     "A firewall is a collection of one or more machines,
>     providing a barrier between an organization's network
>     and the Internet, through a range of security functions
>     including access filtering, service relaying, and data
>     encryption. Firewalls offer different levels of
>     protection, depending upon their functions, organization
>     and operation."
>
> Dave Crocker
> Brandenburg Consulting +1 408 246 8253
> 675 Spruce Dr. fax: +1 408 249 6205
> Sunnyvale, CA 94086 dcrocker @