Grex > Coop11 > #49: Reasons to not allow verified non-members net access

steve
Reasons to not allow verified non-members net access
Dec 2 20:39 UTC 1998
Realizing that I was about to sidetrack the item about the accounting
aid society's suggestions for us, I'm creating this item to talk about
allowing verified non-members net access.
This is a nice idea in theory, but the hard facts are that it would
be an extremely bad idea.
Jan was talking about this in that item and I'll quote a part from that:
"I think we should think about making internet access available to
validated non-members. We voted to do this once. We've talked about it
for years. I think our memberships are deductible even if we don't do
it, but doing it would make it even clearer that they are deductible."
I can see what he means, but it isn't a good idea.
A distressing amount of the time, we get new users from places and the first
thing they try once they're logged in is to telnet back out. Why? Simply,
there are a great number of "vandal texts" out there that explain that being
telnetted into several systems makes it all the harder to be traced, once
someone has realized that a vandal has attacked a machine. If the system
administrator of system C discovers this and talks to the administrator at
B, that admin is going to see a telnet session used from his machine to C,
which isn't unusual. That person then has to go and tell admin C about
system A, where the vandal came in from. Multiply this by 6 systems, and
you can get a nice merry chain going of utter confusion.
The plain and simple fact of the matter is, the number of people who
need telnet access is dwindling every month, ESPECIALLY for those who come
to Grex via the net in the first place. Yes, there are some local members
of Grex who have no other access, and that's fine. I see a distinct difference
between local people using Grex to be able to do things on the net, and
a far-away user who wants to do the same thing.
Another problem I see with that is an increased burden on the treasurer,
or person who assists them, in handling these requests. Right now, it costs
money for someone to join us and get net access. That I know of, we have
never had a paying user use Grex for malicious activities. Frankly, the
system we have currently is a nice deterrent to the vandals: they are cheap
as a group, and having to fork over even $6 is a barrier. I've talked to
several vandals about this and they said that (not me)--so I'm not
making this up. ;-)
Right now Grex offers the single most important interface to anyone who
comes to Grex, which is Lynx access. Unfortunately, it also means there are
some vandal tools which can be run here to try and steal other sites' passwd
files and such, but that hasn't been too much of a problem.
So we're giving away the most important tool for the net currently, which
I think is a good thing and entirely consistent with Grex's philosophies. In
a perfect world I'd *like* to see us offer other net access as we do with Lynx,
but we aren't in that reality.
Offering net access to other verified people is a nice idea but we're going
to get burned if we do, and will add to our administrative burden.
Please, let's not do this.

57 responses total.

krj
response 1 of 57:
Dec 2 21:27 UTC 1998
I have always understood this proposal to mean that Grex would extend
outgoing access to verified users who were coming in through our
Ann Arbor dialups. I agree that making it simple for more users to
telnet-through Grex is a giant can of security worms for little benefit.

steve
response 2 of 57:
Dec 2 21:33 UTC 1998
If the proposal is for local users only, then I'd feel a lot
better about it.

mta
response 3 of 57:
Dec 2 22:02 UTC 1998
I don't think it makes sense to extend outbound telnet to people who obviously
already have it...it makes sense, given our mission, to limit outbound telnet
available free to verified users over the dialups only.
That limits the "telnet-through" and administrative headaches some and makes
the service available to those who truly need it.

jep
response 4 of 57:
Dec 2 22:05 UTC 1998
I see no reason why we offer telnet at all, to anyone. I'll bet there
isn't one user on Grex who depends on it; who wants to be able to telnet
(or use ftp) but doesn't have other, better resources available.
It used to be a novelty, before the WWW turned the Internet into a
tool used by everyone in America, but that time has long since passed.

mta
response 5 of 57:
Dec 2 22:15 UTC 1998
There are still people who use Grex (from libraries, etc.) who simply can't
afford an ISP. In some cases, they can't even afford a phone line. Those
people would be served by having Grex provide telnet access to verified users.

steve
response 6 of 57:
Dec 2 22:40 UTC 1998
That's right--locally, there are some people who do depend on Grex for
net access.

mary
response 7 of 57:
Dec 2 22:59 UTC 1998
Steve, take a deep, long, relaxing breath.

mdw
response 8 of 57:
Dec 2 23:33 UTC 1998
There is another reason why a "telnet" portal is interesting to people
elsewhere on the internet. Many places have firewalls in place. This
means those people can't just go anywhere on the internet and do
anything, but can only do certain things. That means grex becomes an
attractive place for them to "do" things, such as accessing sites they
can't access via their firewall. Unfortunately, places that have
firewalls in place, tend to feel less responsible about the actions of
their users elsewhere on the internet.

steve
response 9 of 57:
Dec 2 23:49 UTC 1998
Heh.
Mary, this isn't a knee-jerk reaction to the idea, but one that
has come about over time.
Back when we first started talking about getting Grex on the
net (via a 2400bps link, no less) I wanted to get Grex on as quickly
as possible, and thought that things like the kernel blocks weren't
that important, as we could simply ask our users to not do certain
things, and by and large, it would be OK.
I have learned some things since then, and unfortunately one of
them is to plan on vandals beating on things every which way. In
the time that Grex has been on the net (five years next spring)
we've been hit by just about every tool there is.
I still firmly believe in the idea of an open access system,
Mary. But I also know that certain things are very dangerous for
us to offer, and this is one of them. Something like giving out
access to the C compiler (which causes some people to drop their
jaws open, when I mention security and open access in the same
breath, while talking about Grex) is an internal matter--a user
compiling a fork() bomb is only going to affect us. A vandal using
telnet from Grex could well do a lot of damage to some other site.
So as I see it, we should offer things like the C compiler
because it's very useful and isn't going to harm the world. Giving
out net access isn't nearly as useful since non-local people had to
telnet here in the first place, and can do actual harm to other sites.
Being as open as we are means that we have to take some
responsibility and try to curtail problems that we might cause on
other systems. I think we've done a good job of striking a balance
between openness and security.
It's really bizarre watching the new users who immediately try
telnet or FTP, then bring over copies and try those. This doesn't
happen occasionally, but often--like a dozen or more times a day.

scott
response 10 of 57:
Dec 3 01:18 UTC 1998
I like the idea of free telnet only from dialups, and only for verified users.
But I also think this is another load on the Treasurer, or else work for a
new position.
For people accessing from libraries, we allow incoming telnet. I can't see
how anyone who can telnet to Grex needs outgoing from Grex. OK, maybe from
some sites where Grex is allowed but some others are not. But I don't think
that is our responsibility. We've already taken on quite a lot by promising
free email to the world.

steve
response 11 of 57:
Dec 3 03:10 UTC 1998
Heh. And, free lynx. ;-)

aruba
response 12 of 57:
Dec 3 04:39 UTC 1998
Re #4: John, I can name you at least one member who became a member
just so he could telnet out. Not for any malicious reason, just because he
needed telnet but not a full ISP account.
I am on the fence about this one. Frankly, I think requiring ID from people
is nearly as good a deterrent as requiring $6 from them, but obviously I have
no evidence other than gut feeling. But I bet we would only get a few more
people added to the internet group per month than we get now.
It's worth noting, however, that under this system, once someone is added to
the internet group, s/he would stay on it forever, unless we have some
expiration date. We'd have to worry about such accounts getting reaped and
then recreated by people we don't have ID for. I think that means the Reaper
would have to be very careful about cross-checking his reapees with the
group file.
Also, we might lose some income from people such as the member I mentioned at
the beginning of this response. It wouldn't be a lot, but it would be some.
And yes, this would be more work for the treasurer, who has enough to do
already. But I'd be willing if most people thought it was a good idea.

steve
response 13 of 57:
Dec 3 04:56 UTC 1998
Good point Mark, about having to scan the group file before reaping,
so it could be changed.
The part here that bothers me the most is that if we received "ID"
from someone, how would we know it's real? We have that problem right
now, yes. But I would imagine that the financial papers we get from
people are traceable in the event of a nasty thing occurring, so that,
coupled with local people being the type who pay in cash (correct me
if I'm wrong) and thus presumably known, gives us a way for tracing
should it really be needed.
But how do we know if some random id is good? Back when I went
to the National Computer Conference every year, a friend of mine
produced a "Whatsamatta U" student ID card to get student rates to
the convention. The card looked real enough but wasn't. Still, the
AFIPS official looked at it a second and took it.

krj
response 14 of 57:
Dec 3 05:30 UTC 1998
I had another thought or two.
First, what is the intersection of this proposed policy -- to allow
local dialin users to use outbound IP services -- with
another proposed policy, to allow local dialin users to use PPP to
access Grex services. Does the logical combination of these two
policies lead to free, full PPP access to the Internet for all verified
users? At that point, Grex becomes a free, full-featured ISP, and
that probably has implications for our community-building functions,
and the demand on our resources.
Second: I can imagine one quick scenario where the demand for outbound
telnet puts a significant demand on Grex's modem capacity. This would
be the scenario where M-net slashes all (or almost all) of its dialins
in a cost-cutting move. I'm not saying this is inherently a bad thing,
but we want to think it through.

scg
response 15 of 57:
Dec 3 06:46 UTC 1998
My impression is that there are relatively few people at this point who want
to dial up somewhere with a terminal and telnet out, although I suppose the
worst case scenario, in which we open up outbound telnet for free, and then
everybody within a local phone call to Ann Arbor who wants to do that starts
using us instead of an ISP, would leave us pretty swamped. I'm also not sure,
given how cheap commercial Internet access is at this point, that it makes
sense for us to be providing outbound Internet services at all, since it makes
more sense for us to spend our resources on the things that are still only
done by Grex, but that's another argument that I really don't want to get into
right now.
From the dial-up PPP standpoint, we can provide as much or as little access
as we want there, but that has to be uniform. We can't provide full PPP
access to one user without providing it to everybody who dials up. The reason
for this is that our Chase IOLan terminal servers are stupid and don't support
Radius or any other sort of standard authentication protocol that allows us
to change settings for individual users. Doing a packet filter in our router
to allow only telnet to the outside world, or only telnet to a specific set
of sites, or no outbound access whatsoever, is easy, as a global thing. But,
without Radius or something similar, there's no good way to allow access for
one user that we don't allow for another. If somebody wants to donate a
terminal server that supports Radius, that situation will change.
That's not to say that we couldn't allow certain PPP dial-up users to telnet
out. They would just have to telnet to Grex and then telnet out from Grex,
rather than telnetting directly.
Anyhow, I really don't think Grex should get into giving out full dial-up PPP
accounts. That's being done reasonably well by a large number of other
companies, at very low prices. There are better things for Grex to use its
resources for.

remmers
response 16 of 57:
Dec 3 11:22 UTC 1998
Re the question of who would do validating: A long time ago, the Board
authorized the creation of a "validator" staff position. It's in the
minutes somewhere, probably 1993 or 1994.

steve
response 17 of 57:
Dec 3 15:13 UTC 1998
Yes, I remember that.
Right, I agree with scg that we don't want to give out PPP access. If
we offer PPP access on the dialins, it's for the Grex universe only.

remmers
response 18 of 57:
Dec 3 18:24 UTC 1998
Could somebody with a good memory or the patience to search
the records recount the sequence of policy decisions over the
years? A long while back, the members voted to restrict outbound
internet access to members, with the exception of a small number of
specific protocols (and specifically not including telnet). Later,
the policy was liberalized, again by member vote, to make some
protocols available to all users (most significantly, http)
and perhaps others to validated users. But I think not telnet.
So, would it require a member vote to authorize this policy?

janc
response 19 of 57:
Dec 3 18:41 UTC 1998
I think that vote predates me, or almost. I don't remember the details.
I think it was flexible on whether ftp and telnet were enabled to
validated users, but suggested that that was the default, if we didn't
feel there were significant security problems with it.
I don't believe opening this up would lead to a large amount of abuse.
First, few problem users are going to be willing to send ID, even fake
ID. If a validated user causes any problems with their internet access,
then we can revoke that net access. So yeah, I think there will be some
abuse here, but very little. I'd be surprised to see more than a
handful of incidents a year.
The validation procedure would be for someone to E-mail something that
looks like ID to our PO box. We implement some command that the
validator can run that works like "validate someguy". Since the
treasurer checks the PO box, probably it doesn't make sense for anyone
other than the treasurer to do it.
That's not hard.
Yes, the account deletion commands would have to be fixed to delete the
group file entry too. So?
Yes, this would likely lose us a few members.
But I'd feel much better about Grex if we did this - if all our services
really were available for free, and there wasn't this one small
exception to that. I don't think the problems with this are anywhere
near large enough to justify making them the only service we offer only
to paying users.
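Responses 12, 13 and 19 above raise the same bookkeeping hazard: if an account is reaped but its name is left in the group that grants outbound net access, a later account created under the same name silently inherits that access without anyone ever seeing ID. The following Python is an added example written for this page, not Grex's actual reaper or "validate" command. It assumes (these are not from the thread) that the net-access group is called "internet", that the group file uses the standard Unix /etc/group layout (name:passwd:gid:members), and that the reaper supplies a plain list of usernames; the sample group file is constructed for the demo.

```python
"""Keep the net-access group consistent when accounts are validated and reaped.

Added example for this discussion, not Grex's own tooling.  Assumptions
(not taken from the thread): the group granting outbound net access is
named "internet", the group file uses the standard /etc/group layout, and
the reaper passes in a plain collection of usernames to delete.
"""

INTERNET_GROUP = "internet"  # assumed name of the group that grants net access

# Constructed sample group file for the demo; not copied from any real host.
SAMPLE_GROUP_FILE = """\
wheel:*:0:root,steve
internet:*:105:steve,krj,someguy
users:*:100:
"""


def parse_group_file(text):
    """Parse /etc/group text into {name: (passwd, gid, [members])}, in file order."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, passwd, gid, members = line.split(":", 3)
        groups[name] = (passwd, gid, [m for m in members.split(",") if m])
    return groups


def format_group_file(groups):
    """Inverse of parse_group_file: write the dict back out as /etc/group text."""
    return "".join(
        f"{name}:{passwd}:{gid}:{','.join(members)}\n"
        for name, (passwd, gid, members) in groups.items()
    )


def users_with_net_access(groups):
    """Set of usernames currently listed in the internet group."""
    return set(groups.get(INTERNET_GROUP, ("", "", []))[2])


def reap_accounts(group_text, reapees):
    """Delete the reaped users from every group line.

    Returns (updated group text, sorted list of reapees who had net access).
    Removing the names here is what stops a future account of the same
    name from inheriting net access that was granted to someone else.
    """
    reapees = set(reapees)
    groups = parse_group_file(group_text)
    had_net = sorted(users_with_net_access(groups) & reapees)
    for name, (passwd, gid, members) in groups.items():
        groups[name] = (passwd, gid, [m for m in members if m not in reapees])
    return format_group_file(groups), had_net


def validate_user(group_text, user):
    """Hypothetical 'validate someguy' command: add user to the internet group."""
    groups = parse_group_file(group_text)
    if INTERNET_GROUP not in groups:
        raise KeyError(f"group {INTERNET_GROUP!r} is missing from the group file")
    passwd, gid, members = groups[INTERNET_GROUP]
    if user not in members:
        members.append(user)
    return format_group_file(groups)


if __name__ == "__main__":
    # Reap "someguy": the reaper is told he had net access, and the entry goes away.
    after_reap, flagged = reap_accounts(SAMPLE_GROUP_FILE, ["someguy", "nobody"])
    print("reaped users who had net access:", flagged)
    still_listed = "someguy" in users_with_net_access(parse_group_file(after_reap))
    print("someguy still in internet group after reaping:", still_listed)
    # A fresh "someguy" created later gets net access only when validated again.
    print(validate_user(after_reap, "someguy"), end="")
```

The reaper's report of which reapees had net access is the cross-check response 12 asks for; the validate command is idempotent, so running it twice for the same person does not produce a duplicate group entry.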

aruba
response 20 of 57:
Dec 3 18:48 UTC 1998
Re #13: Here is a list of places we have received cash and/or money orders
from over the last 5 years:
      91.25  Amstelveen, The Netherlands
       5.00  Bresso, Italy
       6.00  Singapore
       1.00  Orlando, FL
    2868.04  Ann Arbor, MI
       6.00  Baroda, MI
      18.00  Chelsea, MI
      60.00  Croswell, MI
      35.00  Gaylord, MI
     145.05  Jackson, MI
      76.00  Kalamazoo, MI
       5.00  Lansing, MI
      36.00  Milan, MI
      43.00  Scio Township, MI
      68.00  Southfield, MI
     780.09  Ypsilanti, MI
       6.00  Durham, NC
     100.00  Parlin, NJ
      15.00  Columbus, OH
     120.00  Toronto, ON
      60.00  Nacogdoches, TX
      35.00  Whitley Bay, UK
      18.00  Laramie, WY
So while local people are not the only ones who don't pay by check, they do
account for the bulk of the money we get that way.

mary
response 21 of 57:
Dec 3 23:13 UTC 1998
I would like to see this tried. If the sky falls then
we go back to current access policies. I tend to think
it will work and we will come all that much closer to
doing what we (or at least some of us) started out to do.

steve
response 22 of 57:
Dec 3 23:26 UTC 1998
Tried which way? For anyone to be allowed outbound IP access
if they send in identification, or for local users?
Given that we've always allowed email to anyone, and for quite
a while have allowed Lynx access to anyone, I think Grex *has*
lived up to its lofty goals of providing access to cyberspace to
anyone and everyone. We allowed the single most important part
of the net (email) forever, and what is now arguably the most
important component, web access. If you disagree with that Mary,
please list the number of sites in the world that are as open as
we are, and as liberal with our resources as we are.
I don't think its possible to come up with more than a few.

mary
response 23 of 57:
Dec 3 23:52 UTC 1998
I'd always hoped Grex could offer the same access to everyone without
concern to whether they paid money or not. That was a big issue for me
from day one. No tiered access.
I'd open access (on a trial basis) to all validated users. But if most
folks would rather take it in steps and open it up to dialin users,
evaluate that change, then open it up to all validated users, fine.

steve
response 24 of 57:
Dec 4 03:30 UTC 1998
Well, I could go for allow local users, but not everyone.