Designing an academic firewall: policy, practice, and experience with SURF

Author

Greenwald, Michael ; Singhal, Sandeep K. ; Stone, Jonathan R. ; Cheriton, David R.

Author_Institution

Dept. of Comput. Sci., Stanford Univ., CA, USA

fYear

1996

fDate

22-23 Feb 1996

Firstpage

79

Lastpage

92

Abstract

Corporate network firewalls are well-understood and are becoming commonplace. These firewalls establish a security perimeter that aims to block (or heavily restrict) both incoming and outgoing network communication. We argue that these firewalls are neither effective nor appropriate for academic or corporate research environments needing to maintain information security while still supporting the free exchange of ideas. In this paper we present the Stanford University Research Firewall (SURF), a network firewall design that is suitable for a research environment. While still protecting information and computing resources behind the firewall, this firewall is less restrictive of outward information flow than the traditional model; can be easily deployed; and can give internal users the illusion of unrestricted e-mail, anonymous FTP, and WWW connectivity to the greater Internet. Our experience demonstrates that an adequate firewall for a research environment can be constructed for minimal cost using off-the-shelf software and hardware components

Keywords

Internet; security of data; SURF; Stanford University Research Firewall; WWW connectivity; academic firewall; anonymous FTP; e-mail; hardware components; network communication; off-the-shelf software; security perimeter; Collaboration; Computer hacking; Computer science; Costs; Data security; Electronic mail; Information security; Protection; Web and internet services; World Wide Web;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and Distributed System Security, 1996., Proceedings of the Symposium on

Conference_Location

San Diego, CA

Print_ISBN

0-8186-7222-6

Type

conf

DOI

10.1109/NDSS.1996.492415

Filename

492415