Firewalls: Re: Lecture on firewall performance

Firewalls
(April 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Lecture on firewall performance
From:	woods @ ncar . ucar . edu (Greg Woods)
Date:	Wed, 26 Apr 95 14:41:42 MDT
To:	robp @ anubis . network . com (Rob Peglar)
Cc:	jgs @ aads . net, firewalls @ greatcircle . com, dtynan @ karpov . ilo . dec . com
In-reply-to:	<9504261347 . AA02338 @ anubis . network . com>; from "Rob Peglar" at Apr 26, 95 8:52 am

> You should check out the NSC DX/E. 

This may be my fault for loosely throwing around the term "firewall".
But we don't want to rely on packet filters to make sure that it's
really their CRAY talking to our CRAY. We have no assurance that their
CRAY hasn't been compromised by bad guys, and even if it hasn't,
everybody here knows by now that source addresses on packets can be forged.
So speed of the router is not where we're going to fall down. Our
external connections will have to log in through a gateway machine,
probably running the TIS proxies, so we can use a strong authentication
scheme to make sure that someone claiming to be one of our remote users
really is that person.  So we need an application gateway, not a
router, that can pass packets at faster-than-T1 speeds.

--Greg

References:

Re: Lecture on firewall performance
From: robp @ anubis . network . com (Rob Peglar)

Indexed By Date	Previous:	Re: E-mail virus scanning(Good Times) From: Carl Jolley <cjolley @ iac . net>
Indexed By Date	Next:	Re: Secure Modem Pool From: peter @ nmti . com
Indexed By Thread	Previous:	Re: Lecture on firewall performance From: robp @ anubis . network . com (Rob Peglar)
Indexed By Thread	Next:	Re: Lecture on firewall performance From: jgs @ aads . net (John G. Scudder)