Report Number: CS-TR-95-1558
Institution: Stanford University, Department of Computer Science
Title: Designing an Academic Firewall: Policy, Practice and Experience With SURF
Author: Greenwald, Michael B.
Author: Singhal, Sandeep K.
Author: Stone, Jonathan R.
Author: Cheriton, David R.
Date: December 1995
Abstract: Corporate network firewalls are well-understood and are becoming commonplace. These firewalls establish a security perimeter that aims to block (or heavily restrict) both incoming and outgoing network communication. We argue that these firewalls are neither effective nor appropriate for academic or corporate research environments needing to maintain information security while still supporting the free exchange of ideas. In this paper, we present the Stanford University Research Firewall (SURF), a network firewall design that is suitable for a research environment. While still protecting information and computing resources behind the firewall, this firewall is less restrictive of outward information flow than the traditional model; can be easily deployed; and can give internal users the illusion of unrestricted e-mail, anonymous FTP, and WWW connectivity to the greater Internet. Our experience demonstrates that an adequate firewall for a research environment can be constructed for minimal cost using off-the-shelf software and hardware components.