Path: utzoo!utgpu!watmath!iuvax!purdue!haven!uvaarpa!randall From: randall@uvaarpa.virginia.edu (Randall Atkinson) Newsgroups: comp.unix.wizards Subject: Re: Unix network security Message-ID: <328@uvaarpa.virginia.edu> Date: 18 Aug 89 13:35:33 GMT References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP> <4614@thor.acc.stolaf.edu> Reply-To: randall@uvaarpa.Virginia.EDU (Randall Atkinson) Followup-To: comp.unix.wizards Distribution: inet Organization: GE-Fanuc North America Lines: 20 In article <4614@thor.acc.stolaf.edu>, mike@thor.stolaf.edu (Mike Haertel) writes: >If many people would put "*" in their hypothetical .netaccess files >(and I am certainly among those who would) then attempting to restrict >network logins in such a way is not a good idea to begin with. Clearly, >systems should be designed to facilitate peoples' preferred ways of >working. It is better to have to occasionally find and deal with a bad >guy than to cripple everyone just on the offhand chance that a bad guy >might cause trouble. In short, you are saying that since you won't use a method of improving security yourself that no one should use that method. I disagree strongly. If there were such a mechanism to restrict the origin of telnet sessions to my accounts, I would use it. Your non-use of the mechanism is not sufficient grounds to say that such a mechanism shouldn't exist. On the other hand, if you have an idea for a better mechanism, many of us would like to hear about it.