XRJJM%SCINT.SPAN@STAR.STANFORD.EDU (09/29/87)
Comment: Begin User Supplied Mail Headers.
*Site: NASA Goddard Space Flight Center - Greenbelt, Maryland, USA.
*Position: 76 Deg. 52' 28.5" West, 38 Deg. 59' 59.8" North.
*From: John J. McMahon, Systems Programmer, STX - ST Systems Corporation.
*Project: COBE Science Data Room (CSDR), Code 401.1
*Reply-To: (Arpa-Internet) XRJJM%SCINT.SPAN@VLSI.JPL.NASA.GOV
*Reply-To: (Arpa-Internet) XRJJM%SCINT.SPAN@STAR.STANFORD.EDU
*Reply-To: (Bitnet) FASTEDDY@IAFBIT
*Reply-To: (Span/Physnet/Hepnet) 6182::XRJJM = SCINT::XRJJM (Node 6.38)
*Reply-To: (Span/Physnet/Hepnet) 6173::XRJJM = CSDR::XRJJM (Node 6.29)
*Reply-To: (TEXnet) UTADNX::UTSPAN::SCINT::XRJJM
X> >It seems the thing to do is the following:
X> >a) Install "any" TCP/IP package
X> >b) Identify which Executables (e.g. TELENET, FTP, etc.) you only want
X> >authorized users to use.
X> >c) SET PROTECTION on the file so only someone with BYPASS or SYSPRV could u
X> se
X> >it normally.
X> >c) Put an an ACL on each executable, something like this:
X> > Identifier=ARPA, Access=Read+Execute
X> > Identifier=[*,*], Access=None
X> > You might want to consider an Alarm ACE, to catch persons with Privs
X> >(SYSPRV,BYPASS) trying to run it.
X> >d) Grant the ARPA identifier to whoever is authorized to use the software.
X> Yeah, and how do you prevent people from writing/borrowing etc. their own
X> copy of these executables. The aren't install with privilegies.. At least
X> not the cmu-tek tcp.
X> Matts Kallioniemi <matts@komunity.se> <matts@seqz51.bitnet>
X> KOMunity Software AB, Stockholm, Sweden
Hmm... how about protecting the tcp/ip device(s) as well, so only the
'true' tcp/ip executables (which would be installed with proper privs to
use the device) could use them ??? I'm not sure if that's possible,
but I think it is.
regards,
^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v
John J. McMahon (Fast-Eddie)
Disclaimer: Views expressed in this letter are my own,
and are not meant to represent the views of my employers.