Daemon News: Building an ATM Firewall with BSD
Mar 26, 2000, 16:28
(Other stories by Martin Wellard)
"As a system administrator in a large academic institution, it is obvious to me that network security should be a high priority when planning a network strategy. However, it's not the system administrators that make the decisions and while most managers are willing to pay lip service to the need for security, they are far less willing to actually start writing cheques."
"After a couple of unsuccessful crack attempts (and a couple of partially successful ones) we were able to justify a firewall. This in itself was an achievement. However, even at the best of times, the world of UK academia moves at a snail's pace and I for one wanted something in place very quickly...."
"Personally, I dislike ATM as a way of carrying IP, and dislike LANE even more. There are plenty of reasons for this that run beyond the scope of this article but I was keen to avoid its use in a firewall and the thought of a firewall on NT turns the blood cold. So it was time to take action. We discussed various possible methods of creating an ethernet level "gap" between our external connection and the main part of the network, which would allow us to implement a nice bridging firewall with OpenBSD. However, after many discussions it became apparent that our network equipment was incapable of letting us do this, and ATM was the only way around it."