Re: Restricting Access to TCP/IP and DECnet
- From: Bob Gezelter <gezelter@xxxxxxxxx>
- Date: Wed, 30 Jan 2008 03:55:07 -0800 (PST)
On Jan 29, 6:58 pm, "Robert Jarratt" <nos...@xxxxxxx> wrote:
> Is it possible to restrict access to TCP/IP (5.1) and DECnet (IV) on a
> per-user basis? In other words I would like someone to be able to access my
> machine, but not to go from that machine to anywhere else on the network.
> Thanks
> Rob

Rob,
WADU, I will have to disagree with Jim Duff. Restricting access to
particular images is a good idea, but since these are essentially non-
privileged images, a (somewhat) inventive user can circumvent the
security by finding and using copies of the images or equivalent from
his own directory. It sounds effective, but can be circumvented
without raising any security alarms, which is a "very bad thing".
However, I do agree with Ken Robinson's comment about NETMBX. Removing
NETMBX is completely safe, and cannot be circumvented from the user
side of the table. There is no substitute. A spot check (TCPIP 5.5)
shows that NETMBX is required to open a socket (Cautionary note: I
have not checked older documentation for verification, and a check of
an older version of Multinet seems to indicate that this check has not
been universal among TCP/IP stacks).
Another possibility is to put an ACL on the pseudo device used by
TCPIP to access the ACP. I have not looked into this approach in
depth, but in concept it should be airtight. I would recommend caution
before implementing it; as always, one may find a longer list of
processes (and accounts) needs access to TCPIP than is appreciated at
first glance.
I hope that the above is helpful; if I have been unclear, please let
me know.
- Bob Gezelter, http://www.rlgsc.com