Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!usc!rpi!batcomputer!llenroc!cornell!wayner
From: wayner@thrall.cs.cornell.edu (Peter Wayner)
Newsgroups: comp.org.eff.talk
Subject: Re: Georgia Tech's Restriction on Internet Access
Message-ID: <52892@cornell.UUCP>
Date: 8 Mar 91 05:18:08 GMT
References: <23808@hydra.gatech.EDU>
Sender: nobody@cornell.UUCP
Organization: Cornell Univ. CS Dept. Ithaca NY
Lines: 57

Many companies have trusted host systems where one host acts as a gateway to the network. All but a few computers have no connection to the Internet. Mail and news are routed through these gateways in a way that is essentially transparent to the user. (Unless this one machine goes down or grows overloaded.) Rlogin, telnet and ftp privileges, though, must be exercised by logging into the gateway machine.

I've used the system at Xerox and the only problem I had was having to rlogin in an extra time. The added security was, in some ways, a good compromise. People with internal machines could set them up to do all sorts of things and not have to worry about keeping them up to corporate security standards. On the other hand, they could easily get out to the net if they had an account, which everyone at PARC did. The gateway machine was very stripped down and didn't run fun, but insecure, toys like fingerd.

So, if Georgia Tech wants to do this, it also allows them to have much freer standards internally and not worry about the one bad dude wreaking havoc. They can make their root passwords known globally (as MIT often does) so that any joe can fix their machine. Meanwhile they didn't need to worry about random hackers finding out about the root because these machines were only on the internal network.

Silicon Graphics has a company-wide root password that is a great thing. If an employee needs to fix something on a random, internal machine, they can just step right up. No nasty security that hampers productivity.

One friend at another company (unnamed) needed to change something on his workstation in a way that required root privileges. He wasn't cleared for this and the overworked support staff needed to help him. The friend couldn't get any help for a week so he just booted the Sun station in single user mode and slipped in. Security was a major hassle and cost productivity.

As I see it, the situation at Georgia Tech is not necessarily any big deal. It depends on the attitude of the administrators handing out passwords to the gateway. If they'll only give it to you with signatures from 15 faculty members then this is a drag. If they are reasonable, it's no problem.

It should be noted that pornographic GIF files are the main attraction for undergraduates. These consume megabytes and megabytes of bandwidth for a cause that is wasteful (Penthouse has better bandwidth/dollar) and also a potential political timebomb. The next great usage for net access is faking mail and postings. It is much better if people do this locally, learn the insights and not clutter the net.

The one thing that is lost is universality. I've enjoyed remotely logging into a host of systems around the country like Cleveland's Freenet. These are potentially great resources that are lost if the net doesn't include everyone.

Peter Wayner
Department of Computer Science
Cornell Univ. Ithaca, NY 14850
EMail:wayner@cs.cornell.edu
Office: 607-255-9202 or 255-1008
Home: 116 Oak Ave, Ithaca, NY 14850
Phone: 607-277-6678

Copyright 1991 Peter Wayner, All Rights Reserved.