CATTANI@COLUMBIA-20.ARPA (04/11/84)
From: Bob Cattani <CATTANI@COLUMBIA-20.ARPA>

This message is primarily directed to those people who are running Berkeley 4.2 and are members of the Arpanet community. There appears to be no provision in Unix to restrict network access. DCA requires that hosts restrict network access to "authorized" users or these hosts themselves may be subject to restrictions on Arpa/Milnet mail bridge traffic. Is anyone out there doing this? How?

Restricting the use of the network user-interface programs (ftp, telnet) would be quick and dirty but wouldn't keep someone who has his heart set on talking with the world from creating his own.

-Bob Cattani, Columbia Univ. CS Dept (cattani@columbia-20.arpa)

obrien@Rand-Unix.ARPA (04/11/84)
All network access in any version of UNIX that I've ever seen is done by way of special files. This includes 4.2. Just have protection 660 on all network files, and have them owned by a group "network". Then, make authorized users members of that group. A similar scheme is necessary (and also not present in 4.2) to protect terminals against a pernicious type of security attack (due to the current ANSI standard for CRT terminals).

Of course, you can also have socket entities out there in the file system, and if you do as the folks at BRL have suggested (change the semantics of "open()" so that a "connect()" is done automatically when you hit one), then you have to make other provisions. Most such "portals" are only used on a local net, though, and not the Internet.

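The group-permission scheme described in the post above, as an added example that is not part of the original thread: a shell function that audits a directory and reports every file that is not exactly mode 660 or not owned by the authorized group. The directory argument, the output format and the option of passing a numeric gid are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Audits the scheme "mode 660, owned by the network group" over one directory.
# Assumptions: DIR is whatever directory holds the files to be protected;
# GROUP is a group name or a numeric gid.

# audit_netfiles DIR GROUP
# Prints one DEVIATION line per non-conforming file.
# Returns 0 when every file conforms, 1 otherwise.
audit_netfiles() {
    dir=$1
    group=$2
    # A file deviates if its mode is not exactly 660 (so world access,
    # execute bits and setuid/setgid bits are all caught) or if its group
    # is not the one authorized users are members of.
    bad=$(find "$dir" -mindepth 1 -maxdepth 1 \
            \( ! -perm 660 -o ! -group "$group" \) -print | sort)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | while IFS= read -r f; do
            # Show the mode string and group actually found on the file.
            printf 'DEVIATION %s %s\n' \
                "$(ls -ld "$f" | awk '{print $1, $4}')" "$f"
        done
        return 1
    fi
    return 0
}
```

Run it from cron or a login-time check so that a file recreated with default permissions is noticed rather than silently reopening access to everyone.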
cak@Purdue.ARPA (04/11/84)
From: Christopher A Kent <cak@Purdue.ARPA>

The way we have attacked it here is that all "unauthorized" users are on machines that do not have network routing entries that allow them to connect to the Arpanet. This is quick and easy, and requires no patching of any code. Unfortunately, it requires you to have enough machines to do the segregation.

chris

ron@Brl-Tgr.ARPA (04/11/84)
From: Ron Natalie <ron@Brl-Tgr.ARPA>

What Chris states is what we do as well. Machines here can either access the nets or not. Unauthorized net users are not allowed to log in on machines that can access the net. This is probably not helping you much.

=Ron