Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!ucsd!brian
From: brian@ucsd.Edu (Brian Kantor)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: Unauthorized access via terminal servers
Message-ID: <10567@ucsd.Edu>
Date: 22 Dec 89 00:15:00 GMT
References: <06F79C49BADFA01101@baylor.BITNET>
Reply-To: brian@ucsd.edu (Brian Kantor)
Organization: The Avant-Garde of the Now, Ltd.
Lines: 20

What we did here at UCSD to solve the problem of unauthorized network access
from our dial-up Annex boxes is to hack up the nice Annex security code.

Now if you dial up one of our boxes, you can telnet (or rlogin) to
machines on a list of networks (our three class-B nets and the UC
systemwide library catalog Class-A network) without user verification,
but if you want to connect anywhere else, we'll demand of you for a userid
and a password, which are checked against a database.

Thus students, staff, and faculty have no impediments in getting to the
various machines on our network and I don't have to be responsible for
maintaining access userids and passwords for some 20,000 people!

Those few people who need off-campus access can get it by registering
with us, and when someone abuses the access, I can turn it off.  Perhaps
not the best solution, but quite workable in our view.

	Brian Kantor	UCSD Network Operations
			UCSD C-024, La Jolla, CA 92093-0124 USA
			brian@ucsd.edu ucsd!brian BRIAN@UCSD