[11570] in Commercialization & Privatization of the Internet
Re: Internet abuse and firewalls
daemon@ATHENA.MIT.EDU (Morten Reistad)
Fri Apr 8 22:15:36 1994
To: francis@avalle.insoft.com (John [Francis] Stracke)
Cc: com-priv@psi.com, mrr@galba.boers.no
In-Reply-To: Your message of "Fri, 08 Apr 1994 13:11:50 +0500."
<9404081711.AA03046@avalle.insoft.com>
Date: Sat, 09 Apr 1994 02:44:15 +0200
From: Morten Reistad <mrr@galba.boers.no>
In <9404081711.AA03046@avalle.insoft.com> <francis@avalle.insoft.com>
(John [Francis] Stracke) writes:
>Right. The first reaction is "OK, put it on a host outside the
>firewall." Problem: if you can't trust anything outside the firewall,
>someone could corrupt that info, which might or might not mean you
>weren't meeting the obligation, but could pretty definitely be bad for
>your image. You'd have to cut a CD-ROM (or, better yet, a WORM) or
>put it on a write-protected floppy or something. (The system can be
>told to set up a file, or filesystem, as read-only; but that can be
>corrupted, too.)
If you are really worried about the modification of some data on a disk,
configure it read-only in hardware. Most disks do this with a small
jumper on the drive itself. Then mount it read-only, and see to it
that the machine with the disk is kept in a secure place. Such a
machine could then reside on the DMZ in the firewall.
-- Morten Reistad <mrr@boers.no>