[324] in Commercialization & Privatization of the Internet
georgia tech restriction on internet access
daemon@ATHENA.MIT.EDU (Craig A. Finseth)
Fri Mar 8 10:32:21 1991
Date: Fri, 8 Mar 91 09:13:40 -0600
From: "Craig A. Finseth" <fin@unet.unet.umn.edu>
To: emv@ox.com
Cc: com-priv@psi.com
In-Reply-To: Edward Vielmetti's message of Thu, 07 Mar 91 17:56:48 EST <m0jETtB-0003k0C@crane.aa.ox.com>
In order to comply with NSFNET, SURAnet, and Internet "Acceptable Use"
policies and security guidelines, Network Technologies will implement a
Network Access Control Policy utilizing a Trusted Host model for
managing network security. The intent of the model is to ensure the
integrity and security of GTnet and the Internet, while having the
I know of many organizations that use this model. In all cases, they
are corporations who wish to protect their internal networks from
attacks from the "outside world." In general, they attempt to prevent
all *incoming* telnet, ftp, etc. sessions while, in most cases,
permitting unrestricted outgoing sessions.
This is the first that I have heard of anyone attempting to use this
method to limit access to NSFNET.
To the best of my knowledge, no scheme such as this is contemplated by
NSF. It would seem to directly contradict the whole purpose of the
NSFNET.
Again, to the best of my knowledge, NSF does wish to prohibit
anonymous access to the NSFNET (e.g., anonymous terminal servers and
unathenticated access from such places as public workstation labs).
...
access including: MIT, Digital Equipment Corporation, Sun Microsystems,
and numerous government sites.
To the best of my knowledge, MIT uses no such scheme (speaking as an
alum, if any were proposed for that organization, you would hear
screams of anguish that would wake the dead). DEC, Sun, and other
organizations do use it, but to guard against incoming, not outgoing
traffic.
As I see it, this policy will substantially raise the hassle factor
for everyone at G.T. Each person who wants to use network resources
(including, but not limited to, telnet, FTP (anonymous and not), NFS,
r* commands, NTP, NNTP, and the latest 15 protocols-of-the-week) must
now operate through a gateway machine.
I am not familiar with the faculty, staff, and students of G.T. For
all I know, they prefer to be cut off from the outside world in this
fashion. Here at the U of Minn, we have been working for years to
remove just this sort of barrier: our goal has been to make network
access easier.
Offhand, I would guess that this whole issue is a red herring: there
is probably a very different internal political issue at stake here
and someone (presumably not familiar with NSFNET policies or what
networking is all about (:-)) is bringing this up.
Craig A. Finseth fin@unet.umn.edu [CAF13]
University Networking Services +1 612 624 3375 desk
University of Minnesota +1 612 625 0006 problems
130 Lind Hall, 207 Church St SE +1 612 626 1002 FAX
Minneapolis MN 55455-0134, U.S.A.
