Title: A Network Firewall
Authors: Marcus J. Ranum
File name: pubdocfirewallsMarcus_Ranum_Network_Firewall.ps.Z
File size: 142934 bytes
Abstract: Information is the lifeblood of the computer age, and network connectivity is crucial to day-to-day business. Connecting a private corporate network to the Internet is not acceptable without some form of secure gateway acting as a firewall between the two networks, to prevent miscreants and unwelcome visitors from accessing hosts on the private network. In the case of a software or hardware vendor, source code, CAD diagrams, and other product-specific information must be kept secret. Hospitals and insurance companies that maintain confidential information, or pharmaceutical research labs with patent applications, cannot afford to take chances with data theft. A break-in over the network could do incalculable damage in a very short time. Digital has implemented several gateways between its corporate network and the Internet, which provide a high degree of access while maintaining excellent security. The gateways are composed of multiple machines acting together, and a specially configured packet-screening machine that provides discretionary TCP/IP access control. Software is configured across the gateways to provide transparent USENET, SMTP mail, FTP, and name service, while preventing direct connections between internal machines and external machines. This paper discusses the overall configuration, the software used, and some of the security measures that are in place. These three gateways have been in operation for over six years, and to date no (discovered) break-in has occurred. The importance of the gateways is hard to estimate, since they provide a crucial link between Digital sales and their customers, as well as maintaining an important presence on the network.
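The split the abstract describes, a packet-screening machine that lets the outside world reach only the gateway hosts while relay software on those hosts carries SMTP, USENET (NNTP), FTP and name service for the inside, can be written down as a screening policy and checked against sample packets. The block below is an added example, not code from the paper or from Digital's gateways; the address plan (10.0.0.0/8 inside, 192.0.2.10 and 192.0.2.11 as gateway hosts), the port list, the rule order and the sample packets are all assumptions made for illustration. It models a stateless screen (first match wins, default deny), including the well-known gap such screens have around TCP segments that carry ACK.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan for this example (not from the paper): the
# private corporate network, the gateway (bastion) hosts on the screened
# segment, and everything else counts as external.
INTERNAL_NETS = [ip_network("10.0.0.0/8")]
GATEWAY_HOSTS = {ip_address("192.0.2.10"), ip_address("192.0.2.11")}

# Services the gateways relay between inside and outside: FTP control
# channel, SMTP mail, DNS, and USENET news (NNTP).  Assumed port list.
RELAYED_TCP = {21, 25, 53, 119}
RELAYED_UDP = {53}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    sport: int
    dport: int
    syn_only: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


def zone(addr: str) -> str:
    ip = ip_address(addr)
    if ip in GATEWAY_HOSTS:
        return "gateway"
    if any(ip in net for net in INTERNAL_NETS):
        return "internal"
    return "external"


def screen(pkt: Packet) -> str:
    """Stateless screening-router decision: 'permit' or 'deny' (default deny)."""
    s, d = zone(pkt.src), zone(pkt.dst)

    # Rule 1: inside and outside never talk directly, whatever the port
    # or flags; every path between them goes through a gateway host.
    if {s, d} == {"internal", "external"}:
        return "deny"

    # Rule 2: outside may open connections to a gateway only for the
    # relayed services.  A stateless screen keeps no connection table, so
    # replies to connections the gateway opened are recognised only by
    # their flags (TCP: ACK set) or source port (UDP: answers from port 53).
    if s == "external" and d == "gateway":
        if pkt.proto == "tcp" and pkt.syn_only:
            return "permit" if pkt.dport in RELAYED_TCP else "deny"
        if pkt.proto == "tcp":          # non-SYN segment: treated as a reply
            return "permit"
        if pkt.proto == "udp" and (pkt.dport in RELAYED_UDP or pkt.sport == 53):
            return "permit"
        return "deny"

    # Rule 3: gateways initiate outward freely (mail delivery, news feeds,
    # FTP fetches, name resolution).
    if s == "gateway" and d == "external":
        return "permit"

    # Rule 4: inside hosts reach the gateways; gateways reach inside only
    # for the relayed services, so a compromised gateway has limited reach.
    if s == "internal" and d == "gateway":
        return "permit"
    if s == "gateway" and d == "internal":
        if pkt.proto == "tcp" and (pkt.dport in RELAYED_TCP or not pkt.syn_only):
            return "permit"
        if pkt.proto == "udp" and (pkt.dport in RELAYED_UDP or pkt.sport == 53):
            return "permit"
        return "deny"

    return "deny"  # anything not matched above is dropped


def sample_decisions() -> dict:
    """Constructed packets exercising each rule; returns name -> decision."""
    ext, gw, inside = "198.51.100.7", "192.0.2.10", "10.1.2.3"
    samples = {
        "outside_smtp_to_gateway":       Packet(ext, gw, "tcp", 40000, 25, syn_only=True),
        "outside_telnet_to_gateway":     Packet(ext, gw, "tcp", 40001, 23, syn_only=True),
        "outside_direct_to_inside":      Packet(ext, inside, "tcp", 40002, 25, syn_only=True),
        "inside_direct_to_outside":      Packet(inside, ext, "tcp", 40003, 80, syn_only=True),
        "inside_mail_to_gateway":        Packet(inside, gw, "tcp", 40004, 25, syn_only=True),
        "gateway_ftp_to_outside":        Packet(gw, ext, "tcp", 40005, 21, syn_only=True),
        "dns_answer_to_gateway":         Packet(ext, gw, "udp", 53, 33000),
        # The classic stateless-screen gap: an ACK-only segment to a
        # non-relayed port on the gateway passes the screen, so the gateway
        # host must not rely on the screen for its own protection.
        "outside_ack_to_gateway_telnet": Packet(ext, gw, "tcp", 40006, 23, syn_only=False),
    }
    return {name: screen(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, verdict in sample_decisions().items():
        print(f"{verdict:6} {name}")
```

The screen enforces exactly one property well: there is no direct path between an internal host and an external one. What it cannot enforce is the safety of the gateway hosts themselves, since the ACK-only and source-port-53 exceptions are reachable by anyone who crafts packets; that is why, in a design of this shape, the relay hosts are hardened and run only the relay software, and why the screening rules grant the gateways only the relayed services toward the inside.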