Today's firewall software is comparable to the security systems of ancient castles--it assesses the characteristics of an individual, and then grants or denies entry.
Our homes are our castles. At least, it used to be true that most of our possessions could be found somewhere in our homes. For many of us, of course, that is no longer so. Many of our possessions--like bank accounts, contracts, and letters--now exist only in the form of bits, spinning around on a computer disk somewhere. We protect the latter with as much rigor as we have always protected the former--often even with considerably more. What's changed over the years is not so much the modus operandi of our security systems but rather the worlds in which they reside.
The modern way to protect the contents of our computers is with firewall software. A firewall is designed to keep the bad guys out of our systems without making it altogether too difficult for the good guys to gain access. The software works by recognizing and reacting to suspicious access patterns from across telephone or Internet lines--such as repeated failures to type a correct password or a quick succession of login attempts under different user names. Firewall software can also be programmed to block entry or the delivery of E-mail from suspect sources--for instance, it can block logins that originate at computers named fraudcity.com or messages with telling three-or four-letter combinations in the sender's domain name.
The basic process by which a firewall works--automatically assessing certain characteristics of a person and then blocking or granting access--has been used since time immemorial. According to the Yung-Lo Ta Tien, a famous encyclopedia that was compiled in China in 1406 A.D., the emperor Ch'in Shih Huang Ti protected his Ah Fang Palace in the third century B.C. with an ingenious "automated" system that can well be compared to a firewall. Rather than recognizing specific access patterns or domain names, however, the system was set up to recognize specific attire an intruder might wear and then to, literally, stop the perceived barbarian at the gate. To quote the encyclopedia: "The gate was built of magnetic stone. Warriors wearing iron armor were detained or attracted and could not pass through."
An earlier historian, Ssu-ma Ch'ien (circa 145 to 85 B.C.), wrote about another automated security system that the emperor commissioned--this one built into his tomb--that responded not to specific attire but to movement. And the emperor's tomb-alarm system was playing for keeps. According to the Encyclopedia Britannica: "Artisans were ordered to install mechanically triggered crossbows set to shoot any intruder."
It was also Ch'in Shih Huang Ti who installed what was perhaps the most elaborate security system of all: the Great Wall of China. The emperor clearly thought big. His tomb was discovered in 1974 as a vast 20-square-mile complex replete with an army of life-size terra-cotta soldiers and horses, which were found buried in a subterranean chamber about three-fourths of a mile from the tomb. We can imagine that in ancient times a similar army of real-life guardians stood ready to let loose a true wall of fire.
Perhaps it's a good thing that Ch'in Shih Huang Ti never had to design a firewall for a computer network. I don't think we would have dared to go near one.
Gerard J. Holzmann is a member of the technical staff at Bell Laboratories in Murray Hill, N.J.