
Filter Rules

The figure illustrates the filter rules used to implement our security policy discussed in Section 2.



(a) We filter the first UDP fragment and assume that later
    fragments are useless without the first.

(b) We treat certain protocols as safe and allow those packets
    through to every host.  These protocols are not listed here because
    they would then become a target and no longer be safe.

(c) Rejecting all IP multicast packets is acceptable because all
    multicast applications can be run on expendable hosts.  If a multicast
    application were to be selectively enabled, then corresponding IGMP
    packets must also be allowed.

(d) We currently accept ARP responses from our network gateway,
    which is located on the other side of the firewall.  The gateway is
    also under someone else's administrative control, so its Ethernet
    interface could be changed without our knowledge.  (We would
    need to be informed if its IP address changed.)  If our packet filter
    were implemented in a router, then we could filter all ARP packets.

Figure: Filtering Rules for Processing Incoming Packets

If a filtered protocol is needed for our research or for a particular application, then we either run the process on an expendable machine or establish a proxy on a bastion and change the filters.
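The checks described in notes (a), (c) and (d), written out as an added Python example that is not the authors' filter. The gateway address, the blocked UDP port, the `defer` verdict for packets those notes do not cover, and dropping every ARP packet other than a gateway reply are assumptions; the sample frames are constructed.

```python
import struct
from ipaddress import ip_address, ip_network

MULTICAST = ip_network("224.0.0.0/4")
GATEWAY_IP = ip_address("192.0.2.1")  # assumed gateway address (documentation range)
BLOCKED_UDP_PORTS = {2049}            # assumed filtered port; the page lists none

def decide(frame: bytes) -> str:
    """Return 'accept', 'drop' or 'defer' (packet not covered by notes a, c, d)."""
    if len(frame) < 14:
        return "drop"
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    if ethertype == 0x0806:  # note (d): match the gateway by IP, not by MAC
        if len(frame) < 42:
            return "drop"
        opcode = struct.unpack_from("!H", frame, 20)[0]
        sender = ip_address(frame[28:32])
        return "accept" if opcode == 2 and sender == GATEWAY_IP else "drop"
    if ethertype != 0x0800:
        return "defer"
    if len(frame) < 34:      # truncated IPv4 header
        return "drop"
    if ip_address(frame[30:34]) in MULTICAST:  # note (c): reject all multicast
        return "drop"
    if frame[23] != 17:      # not UDP
        return "defer"
    frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
    if frag_offset != 0:     # note (a): later fragments are not filtered
        return "accept"
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20 or len(frame) < 14 + ihl + 4:
        return "drop"
    dport = struct.unpack_from("!H", frame, 14 + ihl + 2)[0]
    return "drop" if dport in BLOCKED_UDP_PORTS else "defer"

def ipv4_udp(dst: str, dport: int, frag_offset: int = 0) -> bytes:
    """Constructed sample: Ethernet + IPv4 (no options) + UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, frag_offset, 64, 17, 0,
                     ip_address("198.51.100.7").packed, ip_address(dst).packed)
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    return bytes(12) + b"\x08\x00" + ip + udp

def arp_reply(sender: str) -> bytes:
    """Constructed sample: Ethernet + ARP reply whose sender IP is `sender`."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2, bytes(6),
                      ip_address(sender).packed, bytes(6), bytes(4))
    return bytes(12) + b"\x08\x06" + arp
```

A later fragment carries no UDP header, so the port check can only be applied to the fragment at offset 0; that is why note (a) relies on the remaining fragments being unusable once the first is dropped.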


Sandeep Singhal
Thu Nov 30 01:58:58 PST 1995