Great Circle Associates Firewalls
(August 1994)
 


Subject: Re: Proper platform for a firewall
From: Marcus J Ranum <mjr @ tis . com>
Date: Thu, 4 Aug 94 15:38:42 EDT
To: firewalls @ greatcircle . com, padgett @ tccslr . dnet . mmc . com

>Might I be permitted to present the notion that UNIX is in fact *not*
>the proper environment for a Firewall, nor is any multi-user OS, what
>is really needed is a dedicated embedded controller able to sieve packet
>headers on the fly?

	I don't agree at all.

	You're assuming that "sieving packet headers on the fly" will
give you sufficient control, adequate audit trail, and will meet your
security goals; isn't that rather a large assumption?

	Some of us believe that for some applications you cannot build
a secure enough firewall out of just an IP-level security system. Perhaps
future versions of IP will have enough hooks in them for authentication,
etc. that what you suggest will be attractive, but for the time being, I
wouldn't risk anything important to something that leaks like a sieve.

mjr.
