Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!sri-unix!sri-spam!ames!ucbcad!ucbvax!DGOGWD01.BITNET!GWD21T
From: GWD21T@DGOGWD01.BITNET.UUCP
Newsgroups: mod.computers.vax
Subject: DECNET default account
Message-ID: <8702120227.AA16402@ucbvax.Berkeley.EDU>
Date: Wed, 11-Feb-87 23:32:32 EST
Article-I.D.: ucbvax.8702120227.AA16402
Posted: Wed Feb 11 23:32:32 1987
Date-Received: Fri, 13-Feb-87 00:04:40 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 17
Approved: info-vax@sri-kl.arpa

Now and then people mention that a default DECNET account may cause
trouble. That is not quite wrong. However, I think the following
makes it rather secure:
 
$ SET FILE SYS$SYSTEM:FAL.EXE/ACL=(IDENTIFIER=DECNET,ACCESS=NONE)
(you have to execute this command prior to @STARTNET)
 
This just disables "default" file access, but still allows for
things like MAIL, PHONE and the other KNOWN OBJECTS, without requiring
proxies.
 
Any comments?
 
P.S. I don't like ACLs, this is the only one I found really helpful.
 
W.J.Moeller, GWDG, D-3400 Goettingen, F.R.Germany  <GWD21T@DGOGWD01>
                                                  Phone +49 551 201516