- Path: sparky!uunet!usc!sdd.hp.com!think.com!barmar
- From: barmar@think.com (Barry Margolin)
- Newsgroups: comp.protocols.tcp-ip
- Subject: Re: Firewall usage
- Date: 29 Jul 1992 00:15:34 GMT
- Organization: Thinking Machines Corporation, Cambridge MA, USA
- Lines: 22
- Message-ID: <154nv6INN7ja@early-bird.think.com>
- References: <1992Jul24.161006.12786@practic.com> <JTW.92Jul27142002@pmws.lcs.mit.edu> <1992Jul28.010344.9414@PA.dec.com>
- NNTP-Posting-Host: telecaster.think.com
-
- In article <1992Jul28.010344.9414@PA.dec.com> mogul@pa.dec.com (Jeffrey Mogul) writes:
- >Alas, while parts of the Internet can (and should) continue to follow
- >the "everything not forbidden is permitted" approach, which allows for
- >evolution, other parts have to follow the "everything not permitted
- >is forbidden" rule.
-
- I'm the maintainer of part of our firewall, and I unfortunately have to
- agree that in many circumstances (like ours), the second rule is necessary.
-
- We have developers here implementing new protocols all the time, such as
- inter-machine diagnostics and special-purpose file access. With the first
- rule, these would suddenly become accessible to anyone on the Internet, and
- crackers could wreak havoc with our development systems (or maybe even
- destroy or get access to proprietary data). The second rule is more
- limiting, but it's the only thing that works when the environment on this
- side of the firewall is very open.
-
- --
- Barry Margolin
- System Manager, Thinking Machines Corp.
-
- barmar@think.com {uunet,harvard}!think!barmar
-
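Added example, not part of the original post: a minimal first-match port filter evaluated under both default policies, showing what happens to listeners the firewall maintainer never reviewed. The service names, port numbers and rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    port: Optional[int]   # None matches any destination port


def decide(rules, default, port):
    """First matching rule wins; otherwise the policy default applies."""
    for r in rules:
        if r.port is None or r.port == port:
            return r.action
    return default


def exposed(rules, default, listening):
    """Internal services an outside host could reach through the filter."""
    return sorted(name for name, port in listening.items()
                  if decide(rules, default, port) == "permit")


# Constructed sample data: services the firewall maintainer already knows about.
KNOWN = {"smtp": 25, "telnet": 23, "nfs": 2049}

# "Everything not forbidden is permitted": block only what is known to be risky.
DEFAULT_PERMIT = ([Rule("deny", 23), Rule("deny", 2049)], "permit")

# "Everything not permitted is forbidden": allow only what has been reviewed.
DEFAULT_DENY = ([Rule("permit", 25)], "deny")


def after_new_protocols(policy, new_services):
    """Exposure once developers start listeners the maintainer never saw."""
    rules, default = policy
    return exposed(rules, default, {**KNOWN, **new_services})


if __name__ == "__main__":
    # Hypothetical in-house protocols on ports nobody wrote a rule for.
    new = {"diag-proto": 7001, "special-file-access": 7002}
    print("default-permit exposes:", after_new_protocols(DEFAULT_PERMIT, new))
    print("default-deny exposes:  ", after_new_protocols(DEFAULT_DENY, new))
```

Under the default-permit rule set the two new listeners are reachable from outside without anyone changing the firewall; under default-deny they stay closed until a rule is added for them.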