At 06:32 AM 8/23/99 -0400, W Joel Gridley wrote:
>Depends on how nit-picky you want to get with the definition of a firewall.
>
>FIREWALL; A system, combination of systems, or security policy that enforces
> a boundary between resources, hosts, or networks.
Nice definition, but a little awesomely inclusive. Would include
just about any and all types of security technology, wouldn't it. That sort
of definition gets useless pretty quickly.
>BASTION HOST; A hardened system expected to potentially become attacked by
intruders. Usually placed between the internet and an internal LAN.
When Marcus Ranum came up with the concept of a bastion host, it was
explicitly within the context of a firewall server. An networked server --
certainly any at the junction of a LAN and the Internet -- might be expected
to routinely fact intruder attacks. (And what some folks consider
"hardening" of a server OS is enough to make you cry;-)
>These definitions may not be widely accepted, but depending on how you
>define what a firewall is, what you describe below kinda fits.
As I said, almost anything fits when you make the definitions loose
enough.
>
>Never heard of TopSecret, but I'd consider it a firewall product from what
>you describe.
Even relatively sophisticated folks today often have to acknowledge
that their experience is often limited to client/server architectures. (As
others have little experience with C/S topologies.)
Top Secret (along with RAC-F and ACF2) have been, for decades, the
leading access control modules for MVS on IBM's OS/370-OS/390 family of
mainframes. They enforce a combination of -- generally one-factor, i.e.
static password-based -- user authentication, but also apply a sophisticated
table-based specification of (per-user or per-group) authorization rights
which hopefully express the site's security policy.
Suerte,
_Vin
>At 10:33 AM 8/23/99 +0200, Skough Axel IT-S wrote:
>>Hello Bill,
>>
>>I do, but as a firewall product??? No, to me it is a security system similar
>>to RACF for the IBM MVS computers (System 360/370/390), it runs on releases
>>370, XA and ESA. But it controls local access within the computer for
>>different adress spaces to files etc. It is an ACL system, not a firewall
>>product. But - of course, it could have been extended making it possible to
>>use a MVS system as a firewall, rather it should intecept with the NJE
>>subsystem?? But this is not regular TCP/IP.
>>
>>There is a special TCPIP system adress space in the MVS which possibly could
>>intercept with a Top Secret system??? I dunno, there are many years since I
>>was concerned with MVS systems.
>>
>>Regards,
>>
>>Axel
>>
>> ----------
>> Fr�n: Bill Casti (System Admin) [SMTP:[EMAIL PROTECTED]]
>> Skickat: Saturday, August 21, 1999 2:43 AM
>> Till: Firewalls List
>> Ang�ende: Firewall Product "TopSecret"?
>>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
