Over the past eighteen months, user response to our firewall has been generally positive. All common outgoing services are implemented transparently, so most users are completely unaware of the firewall until they need to access internal resources from outside the firewall.
We have, unfortunately, discovered that many people in research environments are unaware of network security risks. Even those who are aware of the issues are reluctant to change their behavior, either because they expect to face considerable inconvenience or because they do not feel that the risks are significant ("break-ins happen everywhere else but not to me"). As a result, we must educate new group members about the importance of security, remind them to explicitly separate public and private data, and train them on how to access data through the firewall.
Most user complaints have centered around the support for incoming access. Users complain about being required to carry around a list of one-time passwords for S/Key access. FTP access to secure machines from outside the firewall is also a problem. Our filters disallow FTP connections from outside the firewall, so users must log on to a secure machine and then initiate the FTP transfer from inside the firewall. Finally, our filters block finger requests originating outside the firewall. We found that Internet users rely on finger to provide telephone and address information. To address these concerns, we plan to support finger on one of the expendable hosts.
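To illustrate why an S/Key user must carry a finite, ordered list of one-time passwords, here is an added example (not code from this paper or from the S/Key distribution) of the underlying hash chain: the server keeps only the last accepted value, so a password captured on the wire cannot be replayed and the list runs out after n logins. Assumptions: SHA-256 stands in for S/Key's folded MD4 digest, and the verifier class and password-list layout are constructed for this example.

```python
import hashlib


def _h(data: bytes) -> bytes:
    # S/Key folds an MD4 digest to 64 bits; SHA-256 is used here (assumption) for portability.
    return hashlib.sha256(data).digest()


def generate_chain(secret: str, seed: str, n: int) -> list:
    """Return the chain [h^0, h^1, ..., h^n] where h^0 = H(seed + secret) and h^(i+1) = H(h^i)."""
    chain = [_h((seed + secret).encode())]
    for _ in range(n):
        chain.append(_h(chain[-1]))
    return chain


def user_password_list(secret: str, seed: str, n: int) -> list:
    """The printed list the user carries: h^(n-1) down to h^0, consumed top to bottom."""
    chain = generate_chain(secret, seed, n)
    return [c.hex() for c in reversed(chain[:-1])]


class SKeyVerifier:
    """Server side: stores only the most recently accepted hash (initially h^n), never the secret."""

    def __init__(self, initial: bytes, n: int):
        self.last = initial
        self.remaining = n

    def verify(self, candidate_hex: str) -> bool:
        # Accept only the immediate predecessor in the chain; a replayed or
        # out-of-order value hashes to something other than the stored hash.
        if self.remaining == 0:
            return False  # list exhausted; the user needs a freshly initialised chain
        candidate = bytes.fromhex(candidate_hex)
        if _h(candidate) != self.last:
            return False
        self.last = candidate
        self.remaining -= 1
        return True


def login_sequence(secret: str, seed: str, n: int) -> list:
    """Simulate n valid logins, one replay attempt, and one login past the end; returns the verdicts."""
    chain = generate_chain(secret, seed, n)
    server = SKeyVerifier(chain[n], n)
    passwords = user_password_list(secret, seed, n)
    verdicts = [server.verify(p) for p in passwords]   # n genuine logins
    verdicts.append(server.verify(passwords[0]))       # replay of a used password
    return verdicts
```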
Although we have amassed a considerable body of experience dealing with one firewall, we do not yet have experience with an environment where all groups are behind their own academic firewall. File transfer between two protected hosts would then presumably require staging on some public machine; for truly sensitive data it would also require encryption and, consequently, more user training.
Finally, the level of interest in firewalls has been noticeably lacking in academic circles, as evidenced by the dearth of forums for exchanging firewall design ideas, issues, and experiences. We see this as unfortunate because many academic institutions are completely unprotected from network attacks. As a result of the lack of interest and experience in this area, those who wish to design an academic firewall have been largely on their own. As the Internet grows and security becomes more of a concern, we expect interest in academic firewalls to grow. A greater body of experience in this area will considerably ease firewall deployment.