Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!rutgers!ames!ucbcad!ucbvax!TAUNIVM.BITNET!HANK
From: HANK@TAUNIVM.BITNET.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Access control and accountability
Message-ID: <8704071037.AA04224@ucbvax.Berkeley.EDU>
Date: Tue, 7-Apr-87 05:38:41 EST
Article-I.D.: ucbvax.8704071037.AA04224
Posted: Tue Apr 7 05:38:41 1987
Date-Received: Fri, 10-Apr-87 00:39:08 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Reply-To: Henry Nussbacher
Distribution: world
Organization: The ARPA Internet
Lines: 31
Approved: tcp-ip@sri-nic.arpa

I have a feeling this posting might generate quite a bit of philosophical
talk - but I would like to request in advance that I am not interested in
feelings and/or emotions but rather technical solutions. With that behind
me I would like to know about solutions in Tcp/Ip for the following two
areas:

1) Access control:
   A) On a system level: How do I go about restricting the use of users
      from using Tcp/Ip? I realize that every operating system may have a
      different solution but I am interested in hearing concepts and
      whether anyone is actually doing it.
   B) On a gateway level: If I have a gateway (say something like Bridge
      or cisco) do I have any capability of performing any sort of access
      control? If yes, is this access control based on connected machines
      or can I even exercise access control on a user level (i.e. restrict
      FTP or TELNET to a certain group of users on a certain machine).

2) Accounting:
   A) System level: Is there any accounting package that can measure
      things like packet transfer (FTP always tells you how many Kb/sec
      you sent so it isn't impossible to figure out) levels and Telnet
      connect time?
   B) Gateway level: Is there some gateway or monitoring PC that can do
      accounting? Is the accounting per system or can it be broken down
      per user (I assume very difficult to do)?

As a side note, anyone who is up on ISO: what is the status of accounting
and access control in ISO? Has it even been thought of?

Thanks in advance,
Hank