A carefully controlled ``network identity'' is a second element of our academic firewall. The public image---the host names, addresses, and services---exposed to the Internet become the first target for intruders. By limiting the number of exposed hosts and strategically setting up those resources, we reduce our exposure to the most common attacks.
Our public image consists only of ``expendable'' hosts and decoy host names, as shown in Figure 3.
Figure 3: Only Expendable Hosts and Decoys are Exposed to the Internet
An expendable host is an outside-the-firewall machine whose data can be easily re-created from information kept securely behind the firewall. A decoy host name points either to a non-existent machine or to a machine instrumented to simply log all accesses. We do not publish DNS entries for any of the machines located inside the firewall, except for bastion hosts discussed in Section 3.
Our public image is designed to support untrusted interactions with the wider Internet community. These interactions fall into three categories: information dissemination, insecure software and experimental protocols, and guest users.