Path: utzoo!attcan!uunet!samsung!usc!ucsd!ucbvax!OCDIS01.AF.MIL!robjohn
From: robjohn@OCDIS01.AF.MIL (Robert Johnson (CDC Contractor);CDC;)
Newsgroups: comp.protocols.tcp-ip
Subject: dial-up access to the Internet
Message-ID: <9005251424.AA08810@ocdis01.af.mil>
Date: 24 May 90 12:54:01 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 28

It seems to me that the real question of dial-up access for the Internet
stems from folks who travel and need to "phone home".  The most obvious
solution is to have a dial-up modem on their "home" system and stay off
the Internet altogether.  That way, their home system does all the user
verification and auditing.

But that's not how the real world works - right?  I get a the willies about 
letting anyone dial up and get on the Internet without authentication and 
audit trail.  That would seem to invite abuse.  The open-door "guest" account 
is an invitation to disaster (or hassle, if the FBI asks why your system 
allowed the bad guy access to the Internet).  Unfortunately, all sites seem 
to have their share of traveling dignitaries who need to check their email 
in some other corner of the world.

To handle these, we set up a "guest" account which is password protected.
When a user logs into this account, they see a list of systems that they
can connect to.  When a travelling dignitary comes on base, our customer
support folks offer the courtesy of using the guest account, and provide
him with the current password (they also make sure the right "home system"
is currently on the menu).  After he leaves, they change the password on
the account.  No logins to this guest account are allowed over modem or
>from the Internet.  The user must be "on base" to use the account.  Not
only are we controlling guest access, but visitors are impressed by our
"thoughtfulness" in providing them with this "phone home" capability,
without them having to ask for it.

Bob Johnson
Tinker AFB