Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.3 4.3bsd-beta 6/6/85; site ucbvax.BERKELEY.EDU
Path: utzoo!linus!decvax!bellcore!ulysses!ucbvax!apollo
From: DAN@MC.LCS.MIT.EDU (Dan Blumenfeld)
Newsgroups: mod.computers.apollo
Subject: RE: Apollo Access Control
Message-ID: <[MC.LCS.MIT.EDU].826957.860222.DAN>
Date: Sat, 22-Feb-86 08:55:52 EST
Article-I.D.: <[MC.LCS.MIT.EDU].826957.860222.DAN>
Posted: Sat Feb 22 08:55:52 1986
Date-Received: Wed, 26-Feb-86 06:26:04 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 39
Approved: apollo@yale-comix.arpa

I think that Jim Rees has zeroed in on the problem. The real issue is not one of "absolute security", but rather how secure Apollo systems are in comparison to other systems.

While I too am no security expert (and have no desire to be one), I have seen many breaches of security, etc. that have been committed by students on a wide range of machines. On vanilla-flavored UNIX boxes, like VAXes and Suns running 4.2bsd, a student has many opportunities to screw things up and/or make things unpleasant for other users. Two that immediately come to mind are "b vmunix -s" and (on a VAX) "echo '...' > /dev/tty?" which are both breaches of security in different ways. There is also the issue of a student going up to a file server and pressing the write protect button on the disk, or turning the server off, or screwing around with network cables (e.g. removing Ethernet terminators), which are very serious breaches of security because many users are immediately affected.

In "secure" computing facilities (e.g. DoD agencies), the computer and all of its terminals (or nodes if it's a net of workstations) are behind locked doors, with heavy-duty physical control over who has access to the machine and who doesn't. The machines behind these doors communicate NOWHERE, except between themselves. There are no dial-ups, no Ethernet cables running between buildings, no fiber optics, zippo. You can't get magnetic media in and out of the room, let alone the building, without special passes. True, the data on these machines is classified, but part of this complex security scheme is to prevent tampering and trashing.

How are people allowed to use this equipment? The magic word is "trust". The people that can gain access have demonstrated that they are trustworthy enough to use the system without pilfering data and/or attempting to compromise its integrity. Security clearances are, in the final analysis, only a measure of trust.

So, unless you want to run a University computer lab like a secure facility, there is no way you're going to be able to prevent students (or anyone else for that matter) from "playing around", especially with the kind of machines and operating systems in use. There's also the issue of students ripping off licensed source or object code, but that's a different kind of security problem.

Dan Blumenfeld
University of Pennsylvania