mike@snowhite.EEAP.CWRU.Edu (Mike Sidman) (06/26/91)
Greetings all. I have two issues, and would appreciate any replies, whether it be email or posted. The two issues are aimed at an academic institution. The first deals with the distribution of accounts. I am wondering if any of you have a policy for giving out accounts on a departmental UNIX machine. For example, if a student says he/she wants an account, what is an exceptable explanation for their request? Also, what type of storage limits do you impose on users that are essentially guests, or not the main users of a network? The second deals with security. How would you monitor or approach person "A" if a different person (person "B" - friend, curious quasi- hacker, etc.) is utilizing person "A"'s account? Thanks for your time. Michael P.S. - Just to be safe, my posting is no way an official post of the Department of Electrical Engineering, Case Western Reserve University, the City of Cleveland, the State of Ohio and its correctional facilites, the United States Government, United Nations, the Sununu Frequent Flier Program, or the Danny Quayle School for the Giftedd. -- Michael C. Sidman | mike@snowhite.eeap.cwru.edu Electrical Engineering and Applied Physics |____________________________ Case Western Reserve University | "Cleveland - it's not hell, Cleveland, Ohio 44106 | but a damn good simulation."
mike@snowhite.EEAP.CWRU.Edu (Mike Sidman) (06/26/91)
Greetings all. I have two issues, and would appreciate any replies, whether it be email or posted. The two issues are aimed at an academic institution. The first deals with the distribution of accounts. I am wondering if any of you have a policy for giving out accounts on a departmental UNIX machine. For example, if a student says he/she wants an account, what is an exceptable explanation for their request? Also, what type of storage limits do you impose on users that are essentially guests, or not the main users of a network? The second deals with security. How would you monitor or approach person "A" if a different person (person "B" - friend, curious quasi- hacker, etc.) is utilizing person "A"'s account? Thanks for your time. Michael P.S. - Just to be safe, my posting is no way an official post of the Department of Electrical Engineering, Case Western Reserve University, the City of Cleveland, the State of Ohio and its correctional facilites, the United States Government, United Nations, the Sununu Frequent Flier Program, or the Danny Quayle School for the Giftedd. -- Michael C. Sidman | mike@snowhite.eeap.cwru.edu Electrical Engineering and Applied Physics |____________________________ Case Western Reserve University | "Cleveland - it's not hell, Cleveland, Ohio 44106 | but a damn good simulation."
rickert@mp.cs.niu.edu (Neil Rickert) (06/26/91)
In article <1991Jun26.055943.26481@usenet.ins.cwru.edu> mike@snowhite.EEAP.CWRU.Edu (Mike Sidman) writes: > >The first deals with the distribution of accounts. I am wondering >if any of you have a policy for giving out accounts on a departmental >UNIX machine. For example, if a student says he/she wants an account, >what is an exceptable explanation for their request? Also, what type Originally this was handled on an ad hoc basis. It worked well. Then we were connected to Internet, and the ad hoc approach broke down. As a result an acceptable explanation consists of a request from the department chairman. A requester, whether student or faculty from another department, is advised to request access in writing to the dept chair. >The second deals with security. How would you monitor or approach >person "A" if a different person (person "B" - friend, curious quasi- >hacker, etc.) is utilizing person "A"'s account? If person "A" complains, the password is changed. If person "A" does not complain, it is assumed that person "B" has been authorized by person "A", and it is moreover assumed that person "A" accepts full responsibility for any abuses that may be carried out by person "B" while using this account. Unless you want to pull the plug on all modems, and have a heavy guarding the door and checking photo IDs, any more restrictive policy quickly becomes unworkable. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science <rickert@cs.niu.edu> Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940
sean@ms.uky.edu (Sean Casey) (06/26/91)
mike@snowhite.EEAP.CWRU.Edu (Mike Sidman) writes: |The first deals with the distribution of accounts. I am wondering |if any of you have a policy for giving out accounts on a departmental |UNIX machine. For example, if a student says he/she wants an account, |what is an exceptable explanation for their request? Also, what type |of storage limits do you impose on users that are essentially guests, |or not the main users of a network? Don't require them to provide an explanation. Encourage everyone to get a computer account. Show them how they can have access to electronic mail, Usenet, conferencing, typesetting, and powerful software tools. When someone signs up, tell them you're glad they did, and that you hope they'll learn about it and spread the knowledge. Give users a 1 meg soft quota, 3 meg hard quota, expandable on individual review. Provide them with easy offline storage so they can archive their "stuff" and take it offline instead of clogging your disks with it. Sean -- ** Sean Casey <sean@s.ms.uky.edu> ** Recent subject line in comp.sys.handhelds: Printing BIG GROBS
sean@ms.uky.edu (Sean Casey) (06/26/91)
mike@snowhite.EEAP.CWRU.Edu (Mike Sidman) writes: |The second deals with security. How would you monitor or approach |person "A" if a different person (person "B" - friend, curious quasi- |hacker, etc.) is utilizing person "A"'s account? Don't worry about it unless A's account is causing problems. Make sure that A knows they are 100% responsible for *anything* B ever does with A's account. If you make that quite clear, things tend to take care of themselves. Sean -- ** Sean Casey <sean@s.ms.uky.edu> ** Recent subject line in comp.sys.handhelds: Printing BIG GROBS
alderson@Alderson.Stanford.EDU (Rich Alderson) (06/27/91)
In article <1991Jun26.060931.7815@usenet.ins.cwru.edu>, mike@snowhite (Mike Sidman) writes: >Greetings all. > >I have two issues, and would appreciate any replies, whether it be >email or posted. The two issues are aimed at an academic institution. > >The first deals with the distribution of accounts. I am wondering >if any of you have a policy for giving out accounts on a departmental >UNIX machine. For example, if a student says he/she wants an account, >what is an exceptable explanation for their request? Also, what type >of storage limits do you impose on users that are essentially guests, >or not the main users of a network? Different departments here at Stanford have different policies, but most are restricted to members of the department only. This is frequently due to the fact that departmental computers were purchased with research grant funds. Further, since by our charter any student or faculty member can have an account on our systems, there isn't much call for general guest accounts on the departmental systems. >The second deals with security. How would you monitor or approach >person "A" if a different person (person "B" - friend, curious quasi- >hacker, etc.) is utilizing person "A"'s account? Our policy statement, which each person must read before opening an account, explicitly forbids sharing accounts. Since our systems are used to provide cycles for course assignments, sharing of accounts is viewed as giving unfair advantage. If anyone is caught using another person's account, the accounts of BOTH are frozen until a hearing. Again, departmental systems have their own policies. -- Rich Alderson 'I wish life was not so short,' he thought. 'Languages take Tops-20 Mgr. such a time, and so do all the things one wants to know about.' AIR, Stanford --J. R. R. Tolkien, alderson@alderson.stanford.edu _The Lost Road_