Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!BAYLOR.BITNET!CALIFFM
From: CALIFFM@BAYLOR.BITNET (Michael Califf)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Unauthorized access via terminal servers
Message-ID: <06F79C49BADFA01101@baylor.BITNET>
Date: 21 Dec 89 05:21:00 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 20

Barry -

We (Baylor University) have been wrestling with this same
problem.  We are currently solving it by piping all of our
modem-to-network connections through our data PBX.  The PBX
allows us to restrict connections from dial-in modems by
enforcing a username/password/access list check on an
attached machine as part of the logon.  The network-to-
modem connections are also piped through the PBX.

We use the terminal server's security software to restrict
the IP addresses allowed to make a connection into the server
(we have to worry about people making long-distance calls
as well, to make sure auth-codes don't get "borrowed".)

Mike Califf                    (POSTMAST[ER])
Communications Software Coord  Internet: CALIFFM@BAYLOR.EDU
Baylor University C.C.I.S.     Bitnet:   CALIFFM@BAYLOR
B.U. Box 7268                  THEnet:   BAYLOR::CALIFFM
Waco, TX 76798-7268            Phone:    (817) 755-2711