- Newsgroups: comp.protocols.tcp-ip
- Path: sparky!uunet!newsgate.watson.ibm.com!yktnews!admin!slapshot!nrt
- From: nrt@watson.ibm.com (Nicholas R. Trio)
- Subject: Re: Firewall usage (was: Re: ping works, but ftp/telnet get "no route)
- Sender: news@watson.ibm.com (NNTP News Poster)
- Message-ID: <1992Jul24.203544.28491@watson.ibm.com>
- Date: Fri, 24 Jul 1992 20:35:44 GMT
- Disclaimer: This posting represents the poster's views, not necessarily those of IBM
- References: <BrsM1C.36v@cs.columbia.edu> <1992Jul24.045228.11119@decuac.dec.com> <17008@ulysses.att.com>
- Nntp-Posting-Host: slapshot.watson.ibm.com
- Organization: IBM T.J. Watson Research Center
- Lines: 30
-
- I do use firewalls/secure servers here at IBM. I've sometimes thought
- of myself as a "bad neighbor" or a leech since my users can get out
- to the Internet, but we don't really provide much return service for
- others. However, it is a necessary evil because of folks who I'm sure
- would love to get into our systems.
-
- When someone asks me about networks, I think of them as a highway, with
- folks' host systems/workstations as houses with front doors and locks
- on them. In an ideal environment, every workstation or host would have
- really secure front doors on them, and everyone can drive up to the houses
- anywhere on the net...only if they have the right key can they get
- into the house.
-
- The problems are (1) the "front doors" to the computers just aren't strong
- enough and (2) even if they were, it's possible to get copies of the
- "keys" (passwords, etc.) by sniffing the network. Thus, for the most
- part, I have to have a gate that only allows folks to get out, and only
- lets in those who are authentic users.
-
- Authentication is possible (many places are using authenticator
- "smart cards" like the Digital Pathways' Secure-Net Key which allows
- for authentication of remote users). However, for the immediate future,
- I suspect many organizations worried about who's "driving up to their
- door" will use firewalls.
-
- Nick Trio (nrt@watson.ibm.com)
- IBM T.J. Watson Research Center