Indeed ... now, as Stan so aptly put it a moment ago (paraphrasing):  let's
get this on the SIB.

Lee Gunter




From: [log in to unmask] on 12/03/98 09:27 AM


To:   Lee Gunter/BCBSO/TBG, [log in to unmask]
cc:
Subject:  Re: HP3000/Internet Security Was: Dialup to a 3000




Lee Gunter writes:

> I think Wirt has a well-reasoned proposal, overall.  The only
modification
>  I can think of is to allow the aging parameter for purging rejected
>  addresses to be configurable by the system manager.  24 hours may be
>  adequate in most cases, but this is rather arbitrary and should be left
to
>  each site to determine what's in its best interests.

I certainly have no complaint about Lee's suggestion. In fact, the same
comment was made by several others, both publicly and privately. My primary
concern is that some reasonably useful values be chosen as defaults so that
this feature would be present in every HP3000, without requiring anyone to
adjust or set up anything and yet allow them to be well protected.

As more and more HP3000s move into small office situations, such
autoadaptive,
intelligent design is going to be more and more essential. The ideal HP3000
usage to the occupants of a small office is precisely that of the office
refrigerator. You put things in. You take things out. And you never think
about it because it never breaks.

Otherwise though, I agree with Ken's, Michael's, and Lee's comments. There
is
no reason that an auxiliary program couldn't be written to allow
configuration
of the fundamental parameters, or that log files of the time-stamped
rejected
addresses shouldn't be kept. Indeed, I would argue that the latter
attribute
is somewhat essential for general security considerations.

Wirt