Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!ames!cit-vax!trent
From: trent@cit-vax.Caltech.Edu (Ray Trent)
Newsgroups: comp.edu
Subject: Re: Net Access Policies?
Message-ID: <1535@cit-vax.Caltech.Edu>
Date: Mon, 19-Jan-87 15:10:09 EST
Article-I.D.: cit-vax.1535
Posted: Mon Jan 19 15:10:09 1987
Date-Received: Tue, 20-Jan-87 04:14:42 EST
References: <9994@gatech.EDU> <490@ai.WISC.EDU>
Reply-To: trent@cit-vax.UUCP (Ray Trent)
Organization: California Institute of Technology
Lines: 26

In article <490@ai.WISC.EDU> neves@ai.WISC.EDU (David M. Neves) writes:
>If you are worried about your undergraduates then you should restrict
>read assess to FTP, telnet, rlogin, etc.  I believe this is done at
>our site.  I am sure Unix wizards could come up with more imaginitive

Unfortunately, (fortunately?) there is almost no secure way of doing
this except ripping out the ARPA connection by its roots. (short of
kernal and device hacking) 

Just as an example, even if you make all of these files unreadable,
telnet/ftp et al, are really not all that hard to write from scratch.

Possibly better, is to hack up an addition to these programs that
logs the people who use them, then---either by hand or automatically---
restrict their access until they go talk to the sysman who will slap
them on the wrist and restore access. (unless they have priors)

Of course, this isn't secure either, but...

On the other hand, you could just trust them not to f*ck around out there,
as is done here. (I would be willing to bet our students are as, if
not more, devious as/than GA Tech's)
-- 
"A journey of a thousand miles..."
					../ray\..
 (trent@csvax.caltech.edu, rat@caltech.bitnet, ...seismo!cit-vax!trent)