Report Number: CS-TR-95-1558
Institution: Stanford University, Department of Computer Science
Title: Designing an Academic Firewall: Policy, Practice and
Experience With SURF
Author: Greenwald, Michael B.
Author: Singhal, Sandeep K.
Author: Stone, Jonathan R.
Author: Cheriton, David R.
Date: December 1995
Abstract: Corporate network firewalls are well-understood and are
becoming commonplace. These firewalls establish a security
perimeter that aims to block (or heavily restrict) both
incoming and outgoing network communication. We argue that
these firewalls are neither effective nor appropriate for
academic or corporate research environments needing to
maintain information security while still supporting the free
exchange of ideas.
In this paper, we present the Stanford University Research
Firewall (SURF), a network firewall design that is suitable
for a research environment. While still protecting
information and computing resources behind the firewall, this
firewall is less restrictive of outward information flow than
the traditional model; can be easily deployed; and can give
internal users the illusion of unrestricted e-mail, anonymous
FTP, and WWW connectivity to the greater Internet. Our
experience demonstrates that an adequate firewall for a
research environment can be constructed for minimal cost
using off-the-shelf software and hardware components.