In article <4541.0-970313-022314@networking.internet_tools>, mlaitinen@eemeli.enet.dec.com writes:
|>
|> Would anyone have any appropriate material for such a presentation
|> (notes, papers, pointers, anything)? The info need not be too
|> technical but more like an overview of what we (DIGITAL) have
|> done over the years (maybe also what we will do in the future?)

As far as I know, the first "firewall" at Digital was an Ultrix-based
router between Digital's network and the Internet. It had a few hacks
in the kernel to filter packets. I think this was running in 1988,
when the "Morris Worm" struck (if I got the year right) and it apparently
helped, somewhat, to protect the rest of the company.

I started writing the "screend" program on or just slightly before
19 December 1988 (according to my oldest copy of the source code).
This was inspired by the need to provide more protection than the
existing system. It was finished and installed within a few months,
and was described in a USENIX paper that summer. This is probably
the first UNIX-based firewall, although I know that Cisco and Proteon
routers already had some packet-screening support by then (not as
fancy as screend, however).

The USENIX paper is

    Jeffrey C. Mogul. Simple and Flexible Datagram Access Controls
    for Unix-based Gateways. In Proc. Summer 1989 USENIX Conference,
    pages 203-221. Baltimore, MD, June, 1989.

You can get a copy of this paper at
http://www.research.digital.com/wrl/techreports/abstracts/89.4.html

I also wrote a tutorial document, explaining how to use screend:

    Jeffrey C. Mogul. Using screend to Implement IP/TCP Security
    Policies. Network Note NN-16, DECNSL, July, 1991.
    Reissued as NSL Technical Note TN-2. URL
    http://www.research.digital.com/nsl/publications/TN-2.html.

Screend was included in the ULTRIX product by that time, and probably
somewhat before then. It has been included in Digital UNIX since
around the first release of that system.

After that, the people from NSL took over. They created
SEAL (a packaged version of a complete firewall, which also
included some software from Win Treese, formerly of CRL).
(The original name for SEAL was "Packaged Internet Gateway",
but some people thought that the acronym was wrong.)

Then some other people (Fred Avolio and Marcus Ranum) from
DECUAC created a consulting service called SEAL, which basically
gave away the software but charged a lot to install it.

Several years ago, the Internet Business Group took SEAL
and produced what is now called AltaVista Firewall (although
this started before AltaVista was named).

-Jeff
[posted by Notes-News gateway]