Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!bloom-beacon!usc!hacgate!lori
From: lori@hacgate.scg.hac.com (Lori Barfield)
Newsgroups: comp.sys.apollo
Subject: Protection in Internets
Message-ID: <3877@hacgate.scg.hac.com>
Date: 1 Jun 89 19:26:47 GMT
Organization: Hughes Aircraft Company, El Segundo  CA
Lines: 21

Our Apollo hardware configuration here consists of two Domain rings
internetted via Ethernet.  We are set up such that our nodes believe
they are actually part of one big ring (I have heard this referred to
by 2APOLLO elves as a "DDS" configuration.)

Now what do we do for security?  People with root/sys_admin access on
one network can blast away at anything on the other.  Shared resources
are critical to our operation, but not shared priviledges.

I'm an Aegis fan, but I hear that under UNIX, rlogin checks network
priviledges before allowing a user on, even as root.  Crp couldn't care
less where I'm coming from.  Also, the users here depend on UNIX, and
have told me that their file protection doesn't check past root to
group or world when allowing access to files and directories.  So setting
up separate root accounts with different projects (groups) does me no
good.

Help!  What did YOU do?


...lori