On Oct 30, 11:57am, <firewalls-owner @
GreatCircle .
COM> wrote:
> At 09:48 AM 10/30/96 -0500, Todd Graham Lewis wrote:
> >The only way to have accountability is with authentication-dependent
> >service access. No (secure) password, no service. Think Kerberos, or
> >something similar.
> I second that suggestion. Anything less can be trivial to spoof.
As for accountability, we aren't really all that concerned at this
point. We just want to put a stop to abuse. The error messages
that are returned accuse the person reading the message when
we first block a site, and then subsequent accesses get a message
that only says that their PC was probably used to access something
non-official in nature.
As for authentication, I'm really hoping
it doesn't go that far. We may go with the Proxy-Auth stuff
at some point, although we'll still have to deal with old browsers.
By the way, I've already gotten calls from people who said they lost a lot
of sleep over their PC being blocked. Knew they were doing the wrong
thing. I think its working. (Of couse this is before we limited
it to porno sites only).
As for Joe ... He better be VERY careful. We government security people
have ways of finding out things... hidden cameras and mikes you
don't know about, black helicopters and vans, TEMPEST technolog,
mind reading equipment, lots of money for bribes, ...
:)
|
|
