Access control and accountability


Hank Nussbacher (HANK%TAUNIVM.BITNET@wiscvm.wisc.edu)
Tue, 7 Apr 87 12:07 IST


I have a feeling this posting might generate quite a bit of
philosophical talk - but I would like to request in advance that I am
not interested in feelings and/or emotions but rather technical solutions.

With that behind me I would like to know about solutions in Tcp/Ip for
the following two areas:

1) Access control:
   A) On a system level: How do I go about restricting the use of users
      from using Tcp/Ip? I realize that every operating system may have
      a different solution but I am interested in hearing concepts and
      whether anyone is actually doing it.
   B) On a gateway level: If I have a gateway (say something like Bridge
      or cisco) do I have any capability of performing any sort of access
      control? If yes, is this access control based on connected machines
      or can I even exercise access control on a user level (i.e. restrict
      FTP or TELNET to a certain group of users on a certain machine).

2) Accounting:
   A) System level: Is there any accounting package that can measure things
      like packet transfer (FTP always tells you how many Kb/sec you sent
      so it isn't impossible to figure out) levels and Telnet connect time?
   B) Gateway level: Is there some gateway or monitoring PC that can do
      accounting? Is the accounting per system or can it be broken down
      per user (I assume very difficult to do)?

As a side note, anyone who is up on ISO: what is the status of accounting
and access control in ISO? Has it even been thought of?

Thanks in advance,
Hank



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:06 GMT