[18] in Public-Access_Computer_Systems_Forum
More on anonymous access
daemon@ATHENA.MIT.EDU (Tim O'Connor)
Fri Apr 17 08:53:59 1992
Date: Fri, 17 Apr 1992 07:52:31 CDT
Reply-To: Public-Access Computer Systems Forum <PACS-L%UHUPVM1.BITNET@RICEVM1.RICE.EDU>
From: Tim O'Connor <OCONNORT%elmer1.bobst.nyu.edu@RICEVM1.RICE.EDU>
To: Multiple recipients of list PACS-L <PACS-L@UHUPVM1.MIT.EDU>
----------------------------Original message----------------------------
George Rickerson asks:
[my remarks on open Internet access deleted]
> What does this mean for a university which is thinking of using client/server
> technology as its primary means of delivering information to the information-
> seekers it serves?
This is an important issue to be considered by those of us who provide
network services. What type of client-server access do you mean? I admit
that I don't know the details on all the various services that are brewing
out there in the world (*grin*). What I was speaking of in the original
message is old-fashioned telnet and FTP access. I imagine that by
installing a system, you have in place certain basic logging mechanisms,
as in:
2 p.m. Person A logged in at Station X
2:15 p.m. Person A logged out from Station X
This way, if the net security people get a report that Station X broke
into a Department of Defense computer at 2:10 p.m., you can track back to
who was using Station X at that time.
If you provide a Gopher or a WAIS or a comparable "doorway" to other
information, that doorway is generally carefully controlled. People make
their connections based on guidelines you (as system administrator)
establish. I don't think it's exactly the same as an open telnet
connection -- or is it? I'd *truly* like to know more about this.
> This technology makes "one-stop" information access a
> realizable goal. If a university wants to put public client workstations
> all over campus, give away client software for its constituents to use on
> their own machines, and provide a network connection for every workstation
> on campus, how will the security concerns you raise be addressed?
I suppose you have a few choices to start with.
Give everyone an account so that people who walk up to the public
workstations have to identify themselves; tie it into a campus-wide
mail system so that people will have an incentive to use the thing.
Or model your system after many campus phone systems: Free internal
use, but identify yourself for long-distance calls.
Or make sure your application doesn't allow for people to get into
mischief (in the way that, for instance, a Gopher client is going to
keep your people, to a certain extent, away from down-and-dirty
system break-ins).
> I do not agree, however, that this is a problem that libraries or librarians
> have sole responsibility for.
Not "sole" responsibility, but *some* measure of responsibility. At the
very least, we have to prevent the casual mischief-maker. (As has often
been noted, the determined intruder will eventually get in by some means.)
We enjoy a good working relationship with our campus computer centers, so
we're not in the slippery position of intuiting policy in a vacuum. It's
probably a good idea to try reaching out to your local computer center(s)
as you plan for new services. They can be very helpful!
--tim o'connor
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Tim O'Connor
Technical Support Coordinator -- NYU Bobst Library Systems Office
INTERNET: OCONNORT@ACFCLUSTER.NYU.EDU -- BITNET: OCONNORT@NYUACF.BITNET
**These remarks are not statements of anyone's official policy!**
