[comp.os.vms] "Secure Telnet"... And Replicating Mailers.

XRJJM%SCINT.SPAN@STAR.STANFORD.EDU (09/26/87)

Comment:   Begin User Supplied Mail Headers.
*Site:     NASA Goddard Space Flight Center - Greenbelt, Maryland, USA.
*Position: 76 Deg. 52' 28.5" West, 38 Deg. 59' 59.8" North.
*From:     John J. McMahon, Systems Programmer, STX - ST Systems Corporation.
*Project:  COBE Science Data Room (CSDR), Code 401.1
*Reply-To: (Arpa-Internet)       XRJJM%SCINT.SPAN@VLSI.JPL.NASA.GOV
*Reply-To: (Arpa-Internet)       XRJJM%SCINT.SPAN@STAR.STANFORD.EDU
*Reply-To: (Bitnet)              FASTEDDY@IAFBIT
*Reply-To: (Span/Physnet/Hepnet) 6182::XRJJM = SCINT::XRJJM (Node 6.38)
*Reply-To: (Span/Physnet/Hepnet) 6173::XRJJM =  CSDR::XRJJM (Node 6.29)
*Reply-To: (TEXnet)              UTADNX::UTSPAN::SCINT::XRJJM

X> Is there a version of telnet/ftp running under VMS which runs in
X> such a way so that access can be restricted to certain users.
X> This is a query for someone running telnet/ftp at a secure site,
X> and is unable to run it in standard configuration at his site
X> because password security is not enough.  Thanks much for your response.
X> 

It seems the thing to do is the following:

a) Install "any" TCP/IP package

b) Identify which Executables (e.g. TELNET, FTP, etc.) you only want 
authorized users to use.

c) SET PROTECTION on the file so only someone with BYPASS or SYSPRV could use 
it normally.

d) Put an ACL on each executable, something like this:

   Identifier=ARPA, Access=Read+Execute
   Identifier=[*,*], Access=None

   You might want to consider an Alarm ACE, to catch persons with Privs
(SYSPRV,BYPASS) trying to run it.

e) Grant the ARPA identifier to whoever is authorized to use the software.

This technique is similar to how the AUTHORIZE program is protected.

With regards to 'I got 10 million pieces of INFO-VAX mail', I'll add the
following comments:

a) Don't blame the submitters, most of my problems with INFO-VAX
volume have been due to mailers that have gone crazy.  Take a look
at the RFC822 headers on your mail and see how many mailers a typical
piece of INFO-VAX mail goes through.  There are a lot of points of
failure there.

b) Good subject choices are ideal, however some mailers trash the 
subject line.  This is what I get on every piece of Info-Vax mail:

Subj:	[DECNET message]

I doubt I'm the only one.

c) If you are going to submit a message to INFO-VAX, include how to reply
to you in the TEXT of the message.  Don't assume the 33 (or 330) mailers between
you, Info-Vax and the other Info-Vax readers will translate it properly.
If you aren't sure how to reply, include your local net address, and the
name of the network you are on.  It helps, believe me.
^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v^v
John J. McMahon (Fast-Eddie)                     
Disclaimer: Views expressed in this letter are my own, 
            and are not meant to represent the views of my employers.
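
The file-protection, ACL and identifier steps from the first half of the post, written out as a DCL command procedure. This is an added example, not part of the original post: the directory DISK$EXAMPLE:[TCPIP], the user name SMITH and the VMS 4.x/5.x command and ACE spellings are assumptions to check against HELP on your system.

```dcl
$! Added example, not from the original post.  DISK$EXAMPLE:[TCPIP] and the
$! user name SMITH are placeholders; command and ACE spellings are assumed
$! to be the VMS 4.x/5.x forms.
$!
$! Create the ARPA identifier first (an ACE cannot name an identifier that
$! is not yet in the rights database), then grant it to each authorized user.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER ARPA
GRANT/IDENTIFIER ARPA SMITH
EXIT
$!
$! UIC protection: no access for GROUP or WORLD, so the protection code only
$! admits the owner and the SYSTEM category (which SYSPRV maps to).  BYPASS
$! skips the protection check altogether.
$ SET DEFAULT DISK$EXAMPLE:[TCPIP]
$ SET PROTECTION=(SYSTEM:RWED,OWNER:RWED,GROUP,WORLD) TELNET.EXE,FTP.EXE
$!
$! ACL: ACEs are matched from the top, so holders of ARPA match the first
$! entry and everyone else falls through to the [*,*] entry.
$ SET FILE/ACL=((IDENTIFIER=ARPA,ACCESS=READ+EXECUTE), -
                (IDENTIFIER=[*,*],ACCESS=NONE)) TELNET.EXE,FTP.EXE
$!
$! Alarm ACE, as the post suggests, so that execute access by privileged
$! users is reported to the security operator terminal.  ACL alarms must
$! also be enabled system-wide.
$ SET FILE/ACL=(ALARM_JOURNAL=SECURITY,ACCESS=EXECUTE+SUCCESS+FAILURE) -
      TELNET.EXE,FTP.EXE
$ SET AUDIT/ALARM/ENABLE=ACL
$!
$! Review owner, protection code and ACL on both images.
$ DIRECTORY/SECURITY TELNET.EXE,FTP.EXE
```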