Path: utzoo!attcan!uunet!tut.cis.ohio-state.edu!ucbvax!ulysses!ulysses.att.com!smb
From: smb@ulysses.att.com (Steven Bellovin)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: A SUSPICIOUS SECURE GATEWAY
Message-ID: <13027@ulysses.att.com>
Date: 27 May 90 00:41:49 GMT
References: <435@jove.dec.com> <9005231723.AA20278@hp-ses.sde.hp.com> <46F%_++@b-tech.uucp>
Sender: netnews@ulysses.att.com
Lines: 21

In article <46F%_++@b-tech.uucp>, zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff) writes:
> It doesn't inspire confidence  - even AT&T can't make a Unix they trust.

AT&T is not a homogeneous place -- for example, we have a lot of Sun
workstations.  (Remember the joint development deal, if nothing else.)
We have an OEM agreement with Pyramid.  We buy other machines for other
reasons.  And the best system in the world can be totally hosed by an
incompetent administrator.  And even on 6386s or 3B2s with good administrators,
sometimes a machine *must* run back releases of the software, with known
bugs not yet fixed.

> >Incidentally, I say ``mostly'' because there's an important class of
> >device -- dial-out modems -- that is not capable of security today, and
> >is not likely to be in the forseeable future.  Finding a dialer pool on
> 
> There are these $100 toll restrictors (a little box) that help quite a bit.

No, they don't.  Why should we prevent ourselves from making long-distance
calls?  We have dial-out modems because we need them and use them, and
often -- generally? -- not for local use.  To give an important case in
point, there's an AT&T office in Tokyo; we call it often via uucp.