Re: Access control and Accountability


Dave Crocker (dcrocker%engr.ub.com@RELAY.CS.NET)
Fri, 10 Apr 87 12:45:47 PST


Newsgroups: mod.protocols.tcp-ip
Subject: Re: Access control and accountability
Summary:
Expires:
References: <8704081259.AA17700@topaz.rutgers.edu>
Sender:
Reply-To: Reply-To: dcrocker@ubvax.UUCP (Dave Crocker)
Followup-To:
Distribution: world
Organization: Ungermann-Bass, Inc., Santa Clara, Ca.
Keywords:

In article <8704081259.AA17700@topaz.rutgers.edu>
            hedrick@TOPAZ.RUTGERS.EDU (Charles Hedrick) writes:
>... You will need to insert the access control in
>sendmail also. We have done all of this stuff in the past, but are
>not doing it now. It is nearly impossible to control mail. There are
>now so many gateways, that you can always find some machine on the
>local network that will forward your mail to the Arpanet for you. Not
>to mention UUCP or Bitnet to Arpanet gateways...

The MMDFII mail transport system, used by CSNet and distributed with
4.3BSD, has considerable path-filtering based security. You can
prohibit users, networks or hosts from sending to any specified host
or network.

While this requires a cooperating set of internal MMDF's to enforce
filtering pervasively, rather than simply at the boundaries, one would
assume that a security mechanism would not be used unless the requirement
were fairly severe.

Dave

P.S. You are correct that statistics gathering features are present in
      other vendors' IP Routers.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:07 GMT