Path: utzoo!utgpu!watmath!iuvax!purdue!haven!uvaarpa!randall
From: randall@uvaarpa.virginia.edu (Randall Atkinson)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security
Message-ID: <328@uvaarpa.virginia.edu>
Date: 18 Aug 89 13:35:33 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <4614@thor.acc.stolaf.edu>
Reply-To: randall@uvaarpa.Virginia.EDU (Randall Atkinson)
Followup-To: comp.unix.wizards
Distribution: inet
Organization: GE-Fanuc North America
Lines: 20

In article <4614@thor.acc.stolaf.edu>,
	mike@thor.stolaf.edu (Mike Haertel) writes:

>If many people would put "*" in their hypothetical .netaccess files
>(and I am certainly among those who would) then attempting to restrict
>network logins in such a way is not a good idea to begin with.  Clearly,
>systems should be designed to facilitate peoples' preferred ways of
>working.  It is better to have to occasionally find and deal with a bad
>guy than to cripple everyone just on the offhand chance that a bad guy
>might cause trouble.

In short, you are saying that since you won't use a method of
improving security yourself that no one should use that method.

I disagree strongly.  If there were such a mechanism to restrict the
origin of telnet sessions to my accounts, I would use it.  Your
non-use of the mechanism is not sufficient grounds to say that
such a mechanism shouldn't exist.  On the other hand, if you
have an idea for a better mechanism, many of us would like
to hear about it.