Path: utzoo!utgpu!news-server.csri.toronto.edu!clyde.concordia.ca!uunet!samsung!uakari.primate.wisc.edu!sdd.hp.com!ucsd!ucbvax!OCDIS01.AF.MIL!robjohn
From: robjohn@OCDIS01.AF.MIL (Robert Johnson (CDC Contractor);CDC;)
Newsgroups: comp.protocols.tcp-ip
Subject: toll restrictors
Message-ID: <9005280152.AA22778@ocdis01.af.mil>
Date: 27 May 90 00:22:36 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 25

There are software products on the market which allow the system administrator 
to automate and control connections to other systems.  We use a product that
automates phone, network and direct connections, and restricts access to 
specified users or groups of users.  The user picks the system they want from 
a menu, and the software handles the connection automatically.  A few seconds 
later, they see the banner and login prompt of the system they wanted to use.

There are two drawbacks.  The administrator must set up access to new systems 
as needed, and must turn off other avenues such as tip, cu, and telnet.   The
product we use replaces telnet, but does not yet replace ftp.  We have limited
ftp access to a specified group of users, and we log their usage.  At our 
site, the advantages far outweigh the disadvantages - simpler for the user, 
less user training/support, and a full audit trail of outbound connections
made from our system.

As background info, we have nearly 1500 users, about 550 people use the system 
each day, and several dozen use our system as a gateway to others.  We plan on
doubling this usage within a year.  We have a Class A Internet address, a
Class C Ethernet connection, outbound modems, and connection to several other
systems through a base-wide broadband LAN.  The product we use allows us to
provide better service to our user community, reduce our training and support 
burden, and provide accountability and auditability.

Bob Johnson, System Administrator
Tinker Air Force Base, Oklahoma