
Conference 7.286::digital

Title:The Digital way of working
Moderator:QUARK::LIONELON
Created:Fri Feb 14 1986
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:5321
Total number of notes:139771

176.0. "Family Accounts" by EVER::MCVAY (Pete McVay) Tue Aug 26 1986 12:09

    preface:

    I did a quick scan through this file and couldn't find a note
    on this topic.  My apologies if it has already been covered.

    I also dropped this note in another note file earlier, and
    it was suggested that I drop it in here for discussion, so
    here goes:
    ====================================
    I have advocated granting user accounts to family members of
    DEC employees for years.  My reasoning is something like this:

      o Family members are going to use private accounts anyway.
        It's been going on for years.

      o These accounts can be in separate areas, with specific
        privileges, hours of operation, and quotas, if necessary.
        This actually improves security (which I think is the real
        issue).
    
      o These accounts can become official perqs.  At one site
        where I worked, several real gurus hung around despite
        job offers elsewhere because of their "family" accounts.
        (There were other reasons, but this was one of the bennies.)

    Security was also enhanced, because we had the additional
    restriction: there was now no reason for anyone, anywhere, to have
    access to your own account.  All accounts were strictly personal
    and it was your responsibility to protect them.  As a DEC
    employee, you were also responsible for proper use and etiquette
    of the accounts belonging to members of your family.  (I even got
    caught on this: my son tried to access some other machines through
    his own account and got caught.  I was properly chastised--and so
    was he.)

    I have only worked at one site where this was considered an
    "official" policy, and even there it was unacknowledged by
    senior management.  I have also worked at some sites where
    it was absolutely forbidden--which means that family members
    used the accounts anyway.  My general feeling is that trying
    to restrict accounts, or at least ignoring the reality of who
    is using them, is like prohibition.
    
    Maybe it's time to get realistic.
176.1. by COLORS::HARDY Tue Aug 26 1986 12:56 (18 lines)
    Although it may sound like an attractive strategy, I think you
    may have serious problems getting an official okay on this.
    
    Not all families have only one member involved in the
    computer industry.  What if your spouse or a child works in some
    capacity for a competitor or for a customer?  Legal won't like
    it, regardless of privileges and protections.
    
    You signed a document, when you came to work for Digital, binding
    you in certain ways regarding what you learn.  To protect its
    interests, DEC would have to make all the non-minor members of
    your family sign.  Even then, the Legal people would probably be
    seriously concerned about children using Digital computer systems
    (and not just from fear of crackers).
    
    Pat Hardy
    
176.2. "you've got to restrict them to a single node" by BERGIL::SEGER Tue Aug 26 1986 13:23 (15 lines)
Without thinking this one through all the way, my initial reaction would be
the MOST we could possibly allow would be no network access  (otherwise,
the entire network (notefiles included) would be compromised).  That means all
one could do is play with some editors, compilers and games.

I suspect if this were the case, the desire to even log on would be reduced.

But to reiterate what I said above (and I think was implied in .-1), there is no
way we can allow non-employees to gain access to other nodes because of network
security issues.  

Perhaps in the future with better security mechanisms in place this might be 
more realistic to pursue.

-mark
176.3. "Is this some kind of joke?" by MOLE::BARKER (Jeremy Barker - NAC Europe - REO2-G/K3) Tue Aug 26 1986 14:02 (15 lines)
I find this suggestion almost incredible.  Here we are, trying to ensure the
security of technical information, and it is (I presume) seriously suggested
that non-employees are allowed the basic means to get at that information.

NO WAY!!!!!!!!

If family members of an employee are using the employee's account, then the
employee involved should be disciplined for allowing the password to the
account to be disseminated (and for handing out the dial-in phone number).

The only way a family member could use an account on a DEC machine would be
if this was under the direct personal supervision of the employee concerned.
This would be the only practicable way to protect Digital's information.

jb
176.4. "Trying to close the barn door" by EVER::MCVAY (Pete McVay) Tue Aug 26 1986 15:51 (27 lines)
re: .3
    
    You mean, you actually think that family members are NOT accessing
    the net?
    
    Family members should be allowed to use the account "under
    direct personal supervision of the employee...".  What sort
    of supervision?  How are you going to ensure it?
    
    Discipline the employee for allowing access?  Good idea--and
    he or she will be out the door the next week to a more liberal
    organization.  Good engineers are still hard to come by, despite
    the labor market.
    
    The reaction and solution offered in the last reply is the
    typical response I get from higher management--which is also
    why I no longer try to push for "family-member" accounts. 
    Which means I CAN NOT--AND WILL NOT--GUARANTEE ANY KIND OF
    SECURITY ON ANY MACHINE WHATSOEVER, unless they remove the
    dialin lines and network.  Anyone who thinks that employees
    can be ordered to restrict their own accounts at this point
    has a serious personnel problem.
    
    BTW--the previous reply about reducing net access is a problem;
    at sites where restricted "family" accounts were allowed, they
    didn't like the restrictions.  I don't know what could be done
    about that one.  Any ideas?
176.5. "Here we go again!" by HOMBRE::CONLIFFE Tue Aug 26 1986 16:34 (41 lines)
I have no problem with allowing spouses access to the machine, especially if
all they are going to do is to send MAIL or PHONE or access recreational
notesfiles. In most families, there is an element of trust between family
members. We've all discussed work at home with (occasionally bored) spouses,
and have often gone into detail that far exceeds the limitations of the
corporate non-disclosure agreements. Allowing such people some limited
access to the computer system doesn't strike me as particularly reprehensible.

I'll throw in two examples from my recent past.

Example 1: A former colleague of mine (who has since left the group) had a wife
who didn't work for DEC, who didn't even work in the computer industry. He had
a home terminal and had taught her how to log in through the TSN, switch and
LAT so she could send him MAIL, and could read MAIL from him. Once she mastered
this, he showed her how to send MAIL to various of their friends all across the
net; how to use the PHONE utility, etc. She only used the system at night or at
weekends and provided little resource load or impact. 
She had her own account, which clearly identified her as the wife of xxxxx.

Now, I see nothing wrong in this... indeed, I used to communicate with her
of an evening myself! And, because she had her own account, I KNEW who I was
talking to, and didn't ever mistake her for him!

Example 2: An acquaintance of mine let his girlfriend use an account for the
same sort of purposes -- sending MAIL and PHONing. Rather than create an
account identifying her, he let her use a "spare account" which he had in his
own name on one of the development machines to which he had access. 

I find this case more disturbing in that there was no immediate way that 
even the system manager could tell when this other person was on the system.
And if she had felt the urge to peer around the net at things which were 
not meant for human eyes(-:, then she could not be readily identified as
other than the DEC employee.

So, if we are to assume that there are occasionally non-DEC people logged on
to machines on this network (which is, I think a valid assumption), then I
would much prefer that we create 'family accounts' by which such access
can be identified and monitored. 

Comments?
		Nigel
176.6. "Try It" by COLORS::HARDY Tue Aug 26 1986 19:09 (20 lines)
    I think I mentioned this in another topic, but I'll mention it
    again, briefly.
    
    All you want is available elsewhere, to the public, at a price.
    
    If you feel your family will benefit by having electronic mail,
    conferencing with people cross-country, playing games, or downloading
    public-domain programs for a home computer, you should seriously
    consider a subscription to one of the major public timesharing
    services.  In this way you avoid all problems (other than paying
    for it -- ask your boss for more money :^} ).
    
    You must realize that a judge involved in a copyright or trade law
    case would look quite *curiously* at Digital's claim of protection
    for trade secrets if access to corporate machines by non-employees
    were allowed as a matter of policy.  Family trust has nothing to
    do with it.
    
    Pat Hardy
    
176.7. "Hmm..." by VMSDEV::SZETO (Simon Szeto) Tue Aug 26 1986 19:09 (6 lines)
    While this idea makes sense from one perspective, it makes trouble from
    another perspective.  I'm not going to play Fascist Moderator (not yet,
    anyway) but I'm definitely going to check with Corporate Security.
    
  --Simon
     
176.8. "yes, but ..." by REGENT::MERRILL (Win one for the Glypher.) Tue Aug 26 1986 19:17 (18 lines)
    o  responsibilities: things that happen in your account are your
    responsibility no matter if it was your wife or some corp.spy.
    
    o  perks: dialup accounts are widely available within DEC far more
    so than in ANY OTHER company.
    
    o  two-way benefits exist for your family to learn/use computers
    (after hours Please) and to the company to have more trained users
    and more loyal families.
    
    o  key issue seems to be "HOW?"  Family accounts are one method
    but can be a nightmare (literally) for systems managers.  Kids using
    your account could purge/kee=0 and where would you (and they) be
    then!?  Isn't there a way to have subordinate passwords/accounts
    as in LOGIN/ACCT=CHILD1 ...?
    
    	Rick Merrill
    
176.9. "Somewhat related discussion" by COLORS::HARDY Tue Aug 26 1986 19:35 (4 lines)
    See topic 118 for some related material.
    
    Pat Hardy
    
176.10. "a wish" by STUBBI::REINKE Tue Aug 26 1986 22:59 (8 lines)
    I would like to see some way for limited access for kids and
    spouses especially to the personal interest notes files. One
    of my sons would love to correspond in the SF notes file. We've
    said no way because one young man who was corresponding with the
    moderator's permission had to stop because of complaints.
    
    Where can information about non-Digital notes-type conferences 
    be found - I know that they exist but am not "into" that culture.
176.11. "no way, never." by NATASH::WEIGL (breathum via turbo - ergo faster) Wed Aug 27 1986 00:57 (23 lines)
    No way.  I've had a couple of types of experience with this.  When
    in high school, I was one of those "supervised" kids, and managed
    to get into all sorts of interesting data/info in some Xerox computers.
    But, I was a good guy, and told my father, who took the info to
    Security, thus ending both my sessions, and the ease of breakins
    to others.
    
    At DEC, I had the pleasure of fencing with an unknown breakin user
    while on the system at night.  It seemed that this person was
    interested in finding new nodes and accounts without clever passwords
    (remember Guest Guest, etc accts?), and had a lot of info about
    some of the accts on my system.  While talking with this person
    on the terminal, I notified Security, who started tracking his
    activities, and finding out where he lived, etc.
    
    It turned out to be the son of one of our illustrious SENIOR MANAGERS,
    which meant that nothing was done about it.  I never even found
    out whose kid it was....  Must have been high up, tho.
    
    Bottom line - there's no way that employees will really police the
    usage of DEC systems by their families.  Kids, in particular, seem to
    be pretty adept at learning our network and account protocols, and the
    last thing we need is to have them prowling around our systems. 
176.12. "Can be hard to monitor" by KLAATU::BERUBE (Claude G.) Wed Aug 27 1986 08:49 (8 lines)
        It gets  even  harder to monitor what your family does, especially
        when you have, let's say, a Rainbow at home that has a rather
        good  communication  program that  allows  for  automatic  dialup
        scripting (LC-TERM) with the Tel  #, account and password info in
        the script.  Maybe I should  think of rewriting the script before
        my son gets too interested in my Rainbow ;^).
        
        Claude
176.13. "Theoretically it should be very easy" by SERPNT::SONTAKKE (Nuke the hypocrites) Wed Aug 27 1986 11:11 (8 lines)
    I thought we were supposed to keep our passwords secret (well at
    least that's the way it should be, no flames about whether my own password
    is secret or not).
    
    If you do not want your family to have access, do not tell them
    the password.  What could be easier than that?
    
    - Vikas
176.14. "A rose by any other name is NOT always a rose" by BEING::MELVIN Wed Aug 27 1986 15:16 (18 lines)
I do not believe that Digital should be footing the phone bills for any non DEC
employee that wants to access 'recreational' notes.  A member of an employee's
family is NOT an employee.  They should not have access to the machines. People 
do log in on lines that present DEC with a monthly phone bill. I do not feel
that this is a justifiable expense even if it is the employee and the only thing
they are doing is reading recreational notesfiles.  Someone conversing in the SF 
conference is NOT a valid business expense.  

And these conferences are NOT public despite how much one would like them to 
be.  I personally do NOT want someone messing around on a system where I am 
doing my work; the chances of accidents are too high and a totally 
unjustifiable risk.  As a previous reply stated, many of the things desired are
available for a price from outside vendors.  If you are not willing to pay the
cost, why should Digital?

-Joe

176.15. "re-exam at 1:00" by REGENT::MERRILL (Win one for the Glypher.) Thu Aug 28 1986 12:14 (8 lines)
    CANOBE LAKE is a legit business expense but it is FOR the families.
    You should realize that supportive families make for loyal employees.
    
    There is no phone charge if you use the after-hours dial-in nos.
    that are local to your area (what are they called?).
    
    Rick Merrill
    
176.16. "just can't do it!" by OLORIN::SEGER Fri Aug 29 1986 10:04 (11 lines)
I don't have any doubt that one can't trust one's own spouse to use even
an unrestricted network account.  However, there is no way one can allow a
youngin' into the network for all the obvious types of things that kids are
likely to do (especially when presented with a challenge!).

Since it's not fair to try and say whose kid can be trusted or whose spouse
is beyond reproach, the only fair thing to do is not allow anyone on.   It's
a shame to have to do this and I hope we NEVER get as paranoid as the IBM's of
the world but we really MUST take security more seriously.

-mark
176.17. "A slot is a slot is a slot is a slot...." by ALIEN::MELVIN Fri Aug 29 1986 11:42 (9 lines)
Another point to be made is that such a person would be taking up a very
valuable connection.  Here at ZK (Spitbrook) it is sometimes (not always)
difficult to log in from home to do meaningful work.  I would hate to
think the reason behind not getting in was a someone reading NOTES or
worse, someone's family reading notes....  That is NOT the purpose of the
DEC equipment at home.

-Joe

176.18. "There are notes and notes" by MOLE::BARKER (Jeremy Barker - NAC Europe - REO2-G/K3) Fri Aug 29 1986 14:42 (25 lines)
Re: .17 

It depends what NOTES you are reading.  I agree that reading non-work
related notes is probably not good use of these resources during peak
hours.  However, many Notes Conferences are on serious work subjects.



Re: .0

While this "family use" business may have been going on for ages, it should 
be terminated as soon as possible.  It is a CLEAR VIOLATION of the 
Corporation's computer security policy.  This policy mandates disciplinary 
measures, including firing of the employee concerned, if it is violated.

Personally I find some aspects of security a real pain.  Realize though, 
that if some sensible level of security is not maintained, the Corporation, 
and ultimately all its employees, will suffer.

Just thank your lucky stars that you work for a company that allows you to 
(a) have a terminal at home, (b) allows you to have files on its computer
systems that are not essential to your work, and (c) does not have the 
heavy hand of security lurking everywhere.

jb - NAC Europe - Reading, England
176.19. "Moderator's reply" by VMSDEV::SZETO (Simon Szeto) Fri Aug 29 1986 19:00 (11 lines)
    As noted in the previous reply, it is company policy to restrict
    access to this internal network to employees.  Family members are
    not employees, and therefore are not permitted on the network. 
    This policy is unlikely to change, because the company has too much
    at stake in protecting the private nature of the network.
    
    Employees have the responsibility to comply with policy.  A word
    to the wise is sufficient.
    
  --Simon

176.20. by AKOV68::BOYAJIAN (Forever On Patrol) Thu Sep 04 1986 03:59 (7 lines)
    re:.14
    
    I agree. People should not log in from home to read Notes. They
    should do it during working hours only, instead of doing the
    things they were hired to do.
    
    --- jerry
176.21. by STUBBI::REINKE Thu Sep 04 1986 17:59 (4 lines)
    re .20
    Thanks Jerry, you said what I was thinking only better. I had thought
    of asking .14 when - other than at your desk after 5 - it was ok to
    use notes files.
176.22. "Where are the real priorities at DEC" by ALIEN::MELVIN Thu Sep 04 1986 18:44 (27 lines)
re: .-1		consider the question asked.....

The purpose of terminal/modems at home is to allow an employee to do work
related things.  The basis for this was set up long before there were even
notesfiles/conferences.  My main objection is that an employee desiring to
do work should not have to wait for a connection that is being used by 
someone reading non work related notesfiles.  I do not know how such a thing
could be policed (I don't think it should; the employee doing the reading
should exercise good judgement on this).  I obviously do not have any
numbers or 'facts' about the times when I have tried to get in and was not
able to; obviously I am saying  ">If< it is because of non-work related
notesfile reading" that my objection arises...

I am perplexed (big word for today :-)) as to the general attitude about
notesfile usage.  Somewhere along the line people have started thinking 
that it is a benefit to which they are entitled.  Anyone care to point to
a policy/memo/scratch pad that shows this as officially a benefit?  It is
'nice', it is 'useful', it is even 'entertaining'.  But it certainly does
not take precedence over Digital work, whether that work is done at home
or in the office.  And then, I have yet to see guards escort anyone out of
the building at 5pm :-) :-)

Maybe stone tablets and chisels weren't so bad after all!?!?!?!   :-)  :-)

-Joe


176.23. by HYDRA::ECKERT (Jerry Eckert) Thu Sep 04 1986 20:13 (3 lines)
    Just a thought - have you tried requesting more dial-in lines?
    
    	- Jerry
176.24. "A case of the written rule can't be the enforced rule" by SMAUG::GARROD Sat Sep 06 1986 00:15 (25 lines)
    Here we go again. People demanding things that Digital can't officially
    allow but on the other hand things that Digital turns a blind eye
    to.
    
    Yes of course family members use ENET accounts. Yes of course they
    read notesfiles. But the employee has to be aware that he is treading
    on marshy ground. It is up to him to police his family.
    In order to prove that Digital is protecting its trade secrets it
    CANNOT formally allow non employees access to the ENET.
    Digital needs the authority to discipline an employee if Digital's
    interests are compromised. The art of management is knowing when
    to turn a blind eye. It's just like personal interest notesfiles.
    In MAY SEXCETERA.NOTE was closed down, something was seen to be
    done about a perceived problem. Well four months later a notesfile
    exists with topics talking about EXACTLY the same things as SEXCETERA.
    It exists quite peaceably. It's not at all unlikely that somebody
    will decide to close that one down, you can find a policy to do
    just about anything but I guarantee if it disappeared another would
    rise to take its place.
    
    It's just like ENET family account access, you know it happens,
    you know that there is no way to prevent it, you know that you
    can't formally condone it so you just control it with common sense.
    
    Dave 
176.25. by AKOV68::BOYAJIAN (Forever On Patrol) Sat Sep 06 1986 04:36 (12 lines)
    re:.24
    
    It should be pointed out very strongly that HUMAN_RELATIONS is
    *not* --- repeat, *NOT* --- "exactly the same" as SEXCETERA.
    The latter discussed physical sexual activity in fairly explicit
    language, only later branching out into the social side of
    sexuality. HUMAN_RELATIONS discusses *all* aspects of human
    interaction, touching upon subjects such as marriage, dating,
    what attracts a person, etc., but steers clear of discussing
    the physical side of love and sex.
    
    --- jerry
176.26. "????" by STUBBI::REINKE Sat Sep 06 1986 17:38 (12 lines)
    Actually I meant my question about use of personal notes conferences
    quite seriously. (I am now logged in on a line I am paying for from
    home.)
    I assume after 5 from your desk is ok.
    How about in the morning before you start work, before 8 let's say?
    Or during lunch time?
    Or after doing legitimate work on a free line?       
    Or if you have finished your work but haven't put in eight hours.
    or...
    I enjoy notes files but don't want to get into trouble or cause
    others trouble by using them.
                                 
176.28. "when to note" by TLE::MCCUTCHEON (Charlie McCutcheon) Sun Sep 07 1986 23:51 (5 lines)
    I think a primary reason for noting "after hours" is to not tie
    up network communications for people that are doing serious work.
    After hours less people are on, and the impact is less.
    
    (Of course if you're accessing a note local to your system...)
176.29. "When to work" by EVER::MCVAY (Pete McVay, VRO (Telecomm)) Mon Sep 08 1986 09:13 (17 lines)
    re: "the terminal's for working at home"
    
    Seems like we've opened another logical can of worms.  If the
    terminal is for working at home, then (theoretically) we are
    now working twice as many hours.  Even though some groups are
    not on hourly wages, it would appear that some salaries should
    be doubled...  At the very least, high-tech companies can be
    accused of "sweat-shopping".
    
    But if the terminal ISN'T for working at home, then what is
    it for?  Keeping in touch?  Playing?  BTW, I have heard of
    some organizations (not within DEC) which are seriously looking
    into limiting terminal time at work and at home, as dangerous
    to mental health.
    
    Hm...if they got into FORUM or SOAPBOX, they might have a lot
    of ammunition for their point.
176.30. "My reasons for having a terminal at home" by TLE::SAVAGE (Neil, @Spit Brook) Mon Sep 08 1986 09:42 (6 lines)
    The terminal at home is primarily for: 1) Getting work done when winter
    storms prevent getting to the office, but you are on a tight schedule,
    2) sending a message to your supervisor to say you're ill, or otherwise
    unable to get in to work, 3) keeping up with your message traffic when
    you are away from your office during working hours, such as taking a
    training course at another location. 
176.32. "How about Hard-Copy?" by JUNIPR::DMCLURE (Vaxnote your way to ubiquity) Mon Sep 08 1986 14:57 (51 lines)
re: .0,

	In these days of cracking down on virtually anything which poses a
    threat to "security interests", I seriously doubt whether you will make
    much headway in this effort, but I thought I might throw out a suggestion
    which might make a few young ones and spouses (corporately neutral only -
    my wife works at Data General, so I don't let her read anything on here,
    much less write) happy while preserving the security of our network: why
    not try hard-copy?

	Let's imagine the typical youth for a moment, do you think that the
    majority of these fledgling hackers are trying to get their hands on company
    secrets so they can run out and either destroy our network, or sell these
    secrets to other companies, etc.?  No, most likely we're talking about a few
    imaginative kids who enjoy reading some of the creative writing which
    flourishes on our network (and that we should be proud of - not ashamed).

	Notesfiles such as Star Trek, Science Fiction, Games, Human Relations,
    Soapbox, etc. do not typically contain company secrets.  On the contrary,
    the subjects discussed in these notesfiles are meant for the betterment of
    humanity and (the consequent reading of which) should not be limited to
    digital employees.

	Now, since the main thrust of the arguments against allowing children
    and spouses the opportunity to use our accounts has to do with (1) Access
    (2) Security and (3) Productivity, then why not add a new category to the
    list of "Employee Interest" notesfiles called: "World Interest" notesfiles.
    While it would be impossible to omit all company secrets from this
    selection, at least the Employee would be able to censor the resulting
    print-out before handing it off to his eager family members.

	The writers involved in these notesfiles would be primarily DEC
    employees retaining the same flavor of the net as we now have, except with
    one exception: Keep all mention of company secrets out of these designated
    files so that they may easily be printed onto hardcopy for leisurely
    reading by family members.

	This solution would not help the future writers of the world who want
    to exercise their writing skills over the net, but would at least offer a
    way to read some of the material which is generated here and would be a
    compromise of sorts.  In addition, I recommend that everyone adopt a similar
    habit of submitting batch read/print jobs late at night for the files which 
    they normally read/write to because it is much more efficient than having to
    weed through pages upon pages of material to avoid missing anything.

							-davo


    p.s.  Hardcopy containing company secrets (i.e. normal network notesfiles)
	would obviously be kept separate from that which could be distributed
	to be read by family members (ideally left at work).
176.33. "A new outlook on child care, it seems" by ALIEN::MELVIN Mon Sep 08 1986 23:53 (17 lines)
While people may or may not agree as to what access should be allowed to
conferences/notesfiles, it has really been decided for them.  The policy
currently says something to the effect that such files are COMPANY ONLY;
note that this does NOT say 'and immediate family'.  It really is NOT
Digital's business to provide entertainment and machine resources for
family members; if it is entertainment you want, send the kids to the
movies.  If it's learning, buy them a home computer (come on, a new person
NEEDING a 32 bit machine to learn ? :-) :-)  )

As for terminals at home and the doubling of salaries, you obviously make
the assumption that people that work at home work double time.  Well, they
sometimes actually work at home INSTEAD of the office.  And then the others
that work the two jobs.....  

Joe

176.34. by COVERT::COVERT (John Covert) Tue Sep 09 1986 13:21 (28 lines)
>The policy currently says something to the effect that such files are COMPANY
>ONLY;

The first two categories of files (taken from EASYNOTES.LIS) are:
 
1.  Conferences that are open to all Digital employees and contain no
    proprietary information should be announced in EASYNET_CONFERENCES.
 
2.  Conferences that are open to all Digital employees, but contain
    information that should not be distributed outside Digital, should
    include the DIGITAL INTERNAL USE ONLY notice.  Announce these
    conferences.

Note that the first category is *not* "COMPANY ONLY" -- in the case of these
files, the information may be provided to people not employed by Digital and
their submissions may be accepted.

Now, how they access the files is yet another subject.  The only clearly
legitimate way would be for a person who has legitimate access to mail selected
notes from files in the first category to the outside participant and accept
the responses and post them on the outsider's behalf.

Somewhat less clear (since it is not clear that family members may even use
Digital owned computers at home) would be for the employee to make recent
postings available to the family member on the home system and post replies
on behalf of the family member.

/john
176.35. "EASYNOTES.LIS is *not* the Policies Manual" by LSTARK::THOMPSON (Noter of the LoST ARK) Tue Sep 09 1986 13:46 (12 lines)
    RE: .34 Please note that the categories listed in EASYNOTES.LIS
    are not directly mappable with formal policy. Also EASYNOTES.LIS,
    not being an official (in a funding or chain of command sense)
    document should not be assumed to be a completely reliable guide
    in the area of policy. They don't let me make policy. Also if 
    someone sees anything in that document that indicates that it's
    perfectly ok to show things from notes to people outside DEC
    please let me know because it should not!
    
		Alfred    

    
176.36. by COVERT::COVERT (John Covert) Tue Sep 09 1986 15:33 (6 lines)
Any DEC publication or document which does not say "For Internal Use Only" may
be shown to non-DEC people subject to good judgement.

We are only a secretive company where it is necessary.

/john
176.37. "sorry gang, but it's a private network" by NAC::SEGER Wed Sep 10 1986 16:46 (36 lines)
re:-1

Just to make a couple of points:

You're saying if it's not marked Internal Use Only it's ok to show around.  This
scares the hell out of me:

	First of all are you assuming that everyone should always look at the 
	introductory note (or possibly a sub-note since there is no *official* 
	place (or is there?)) to see if this is a restricted file?  I can't buy
	this since it's just not realistic.

	Second of all, this also implies that everyone who looks at a notes 
	file *knows* what's restricted and what's not.  Most people know the 
	nature of most files they read but there are certainly ambiguities.

	Are you implying that the moderators be extremely cautious about 
	policing their files to make sure nothing slips in?  Some moderators 
	are very good about this while others are sloppy.

	Finally, there are a lot of people reading notes files that are just 
	plain careless.  I don't want any possible misinterpretations by them
	of what is and is not public.


re:-2

I don't like the idea of saying it's ok for non-digital people to read even
public notes files.  Why?  Because this is an internal network.  If they have
access to public notes files they have access to non-public notes files and
that would compromise any network security.  The only way to provide public
access would be to make any notes files that are sensitive (such as this one)
use access control and that would be a MAJOR pain for the moderators since
people's addresses are frequently changing.

-mark
176.38Reading does not mean accessADVAX::GREENWOODTim GreenwoodWed Sep 10 1986 19:4011
    Reading notes files does not necessarily mean access to notes files.
    John says this quite clearly when he talks about mailing extracts
    from a file to someone not in Digital. In a similar light one can
    print contents of notes files and show it to someone outside the
    company. Whether to do this or not is really up to the discretion
    of the employee. There is no breach of confidentiality in showing
    someone printouts from Dave Barry, or Books or almost any of the
    non-work related conferences. Directly accessing the conference
    is another matter - this is rightly prohibited to non employees.
    
    Tim
176.39Network is private. Privacy is another matter.VMSDEV::SZETOSimon SzetoThu Sep 11 1986 00:3440
    I'd like to reinforce what Tim and John said.  Employee interest
    conferences have no proprietary information, and it's up to the
    employee's discretion to print it out, or mail it through a gateway,
    to give to someone who is not an employee.  This does not mean that
    these conferences are open to public access; they are not!
    
    Easynet is NOT a public network!!  (Sorry for shouting, but this
    is an important point.)  Access is restricted to employees.
    Conferences are for the use of employees.  Some conferences are
    open (NOT "public") to all employees.  Other conferences are restricted
    to certain employees.
    
    Letting your family members look over your shoulder when you're
    in an employee interest conference should be no problem, but you're
    not supposed to let them use the terminal.
    
    If you write in an unrestricted conference, and the whole conference
    is not declared by the moderator to be for "DIGITAL INTERNAL USE
    ONLY," you better watch what you say and don't put any proprietary
    information in.  Even in a conference that is labeled "DIGITAL
    INTERNAL USE ONLY," take care with proprietary information.  Label
    your note if it contains proprietary information.
    
    The Personnel Policies and Procedures Manual, section 8.03 (?I think)
    covers what should be labeled and how.  (See topic 39 in this
    conference for ordering information.)  If you discuss information
    that is proprietary (or possibly so), treat the information with
    respect and don't depend on the mere fact that the network is private.
    
    Also note the distinction between "proprietary" and "private."
    The word "confidential" is associated with both words.  To be precise,
    we must protect the proprietary information of the company.  We
    should also protect personal privacy.  Not only ought we avoid invading
    others' privacy through indiscretion, we should also be discreet
    about our own personal lives.  If you "let it all hang out," you
    give up your personal privacy.  As someone observed, consider that
    everything you write is as good as attached to your résumé.
    
  --Simon
    
176.40trust is possibleREGENT::MERRILLGlyph it up!Thu Sep 11 1986 11:469
    It's good to see that people are concerned with ethics, using words
    like "supposed to" and "not public".  This shows that a lot of trust
    does exist!  If it did not we would be seeing demands that all non
    public conferences be made members-only, etc. I think that we can
    trust people's judgement in letting family members "look over their
    shoulders" and simply not put sensitive data into open conferences.
    
    Rick
    
176.41All conferences are non-public!!!HYDRA::ECKERTJerry EckertThu Sep 11 1986 12:0714
    re: .40
    
    I would like to emphasize what Simon stated in reply 39:
    
    	*All* VAX Notes conferences on the Easynet are NON-PUBLIC!
    
    I believe the distinction you are trying to make is between restricted
    access and non-restricted access conferences.
    
    Please do not say nor imply that any material stored on computers
    owned by Digital Equipment Corporation is "public" - this is
    absolutely false.
    
    	- Jerry
176.42COVERT::COVERTJohn CovertThu Sep 11 1986 12:5312
>   Please do not say nor imply that any material stored on computers
>   owned by Digital Equipment Corporation is "public" - this is
>   absolutely false.

Conversely, please do not say that all material stored on computers owned by
Digital Equipment Corporation is "not public"  -- this, too, is absolutely
false.

Public information remains public even after it is stored on computers
owned by Digital Equipment Corporation.

/john
176.43HYDRA::ECKERTJerry EckertThu Sep 11 1986 16:3814
    re: .42
    
    There is a difference between material which is in the public domain
    and material which is accessible to the public.  Systems owned by
    DEC may be used to store programs which are in the public domain;
    however, the public does not, and should not, have access to the
    copies of those programs stored on our machines.
    
    There are very few exceptions to the above statement, and those
    that do exist require explicit approval from Corporate
    Telecommunications.  The fact that authorized exceptions to the
    rule exist in no way implies the rule is false.
    
    	- Jerry
176.44COVERT::COVERTJohn CovertThu Sep 11 1986 19:4011
Jerry, this discussion is going nowhere.

Let me end my participation by stating that I will consider anything stored
in a conference on this network which is not marked "For Internal Use Only"
to be public, i.e., something I may, using good judgement, show to anyone
outside this company.  This has nothing to do with accessing systems or files.

And only my manager will convince me otherwise.  The rest of you are full
of baloney.

/john
176.45HYDRA::ECKERTJerry EckertThu Sep 11 1986 19:455
    I didn't mean to imply the material couldn't be shown to someone
    not employed by Digital; I was pointing out that the word "public"
    should not be used to describe the material.
    
    	- Jerry
176.46Repeat after me: THERE ARE NO PUBLIC CONFERENCES ON EASYNETVMSDEV::SZETOSimon SzetoFri Sep 12 1986 00:2225
    Tonight's lesson in semantics:  Access vs. Dissemination 
    
    THE PUBLIC (outside Digital) DOES NOT HAVE ACCESS TO EASYNET!  If
    they gain access, as in logging in, that would be because some employee
    acted against company policy.

    Notes that do not contain proprietary information may be disseminated
    to people who are not employees of Digital.  This does not constitute
    "public access."
    
    Note that I said "notes that do not contain proprietary information."
    If some employee has been remiss in not properly labeling proprietary
    information, then it is incumbent on the reader to use discretion
    (as John said) in further dissemination.  I don't believe that John
    meant: "If it's not labeled, it must be for public consumption."
    
    We're getting somewhat far afield from the original question of
    access by family members.  So, to bring this topic back where it
    started, and to summarize:  The Easynet is for the use of Digital
    employees, not for their family members.  This has nothing to do
    with whether or not all information on the net is for internal
    use only.
    
  --Simon
    
176.47split topic?REGENT::MERRILLGlyph it up!Fri Sep 12 1986 09:316
    re: .46  Since net access is a separate privilege from merely having
    an account, are you saying you would support family accounts but
    not e-net access?
    
    	RMM
    
176.48Family accounts cannot be on EasynetVMSDEV::SZETOSimon SzetoTue Sep 16 1986 00:0618
    re .47 (re .46):
    
    No, that's not what I was saying.  Any node on the Easynet is provided
    by Digital for use by employees only.  I don't have the DIS policy
    in front of me, and I don't remember exactly what it says, but as
    I recall, it says that a node that has other than employees on it
    must not be connected to the net.  On stand-alone systems this policy
    probably wouldn't apply, but the management responsible for such
    systems may have a similar policy.
    
    It's a pity that Digital can't extend the fringe benefit of the
    use of the network to family members, but I just don't see how the
    company could do that without keeping all the proprietary stuff
    off all the systems.  Much as I advocate the existence of employee
    interest files, etc., there is a limit to what the company can support.
    
  --Simon
    
176.49Policies; attitudesTLE::AMARTINAlan H. MartinTue Sep 16 1986 11:3716
Re .48:

All the policies I have seen merely say that you have to go through
a lot of hair to allow a host with non-employee accounts on the net.
I recently reviewed all that I could find in SECURITY_POLICIES, when
someone was discussing setting up yet another on-line QAR system on
an ENET node.


While I don't agree with the notion of family access, I think a lot
of the arguments against it are an interesting demonstration of what
most users (and administrators) think of the access controls provided on
our O/S's - too much of a bother to use.  I suggest from these responses
that anyone who thinks that most of our confidential documents are
currently protected from unauthorized access is very wrong.
				/AHM
176.50HYDRA::ECKERTJerry EckertTue Sep 16 1986 12:3930
    re: .49
    
    There are two classifications of confidential engineering
    information:
    
    	o Digital Internal Use Only
    	o Digital Restricted Distribution
    
    Access to information classified 'Digital Restricted Distribution'
    must be controlled such that person or group responsible for
    the information has a list of everyone who has access.  This, of course,
    means that electronic access to the information must be tightly
    controlled.
    
    Information classified 'Digital Internal Use Only' does not require
    the same level of access control.  Information with this classification
    may be made available to any employee of Digital Equipment Corporation,
    at the discretion of the party responsible for the information.
    
    Given that corporate policy states that only Digital employees have
    access to our computer systems, and only our computer systems are
    connected to the Easynet, it is not unreasonable that information
    classified 'Digital Internal Use Only' is accessible to all users
    of the Easynet.  The lack of individual access controls on this
    information is one way of promoting information flow within the
    company.  If the initial assumption (i.e., that only employees
    have access to the Easynet) is correct, the information remains
    protected as required by Digital policy and by law.
    
    	- Jerry
176.51Incorrect assumptionsTLE::AMARTINAlan H. MartinTue Sep 16 1986 19:5129
Re .50:

>   Given that corporate policy states that only Digital employees have
>   access to our computer systems, and only our computer systems are
>   connected to the Easynet, it is not unreasonable that information
>   classified 'Digital Internal Use Only' is accessible to all users
>   of the Easynet.

Note, however, that neither of those assumptions is true.  Such a policy
does not exist (at least, if it does, it is rather difficult to reconcile
with other policies which explain how to violate it by defining whose
permission must be obtained to set up non-employee accounts).  Also,
non-employees have (officially granted) access to our computer systems, and
those computer systems (as well as other, non-Digital, computer systems)
are connected to the ENET.  This does not imply that any non-Digital
employees have undesired access to the ENET (as opposed to parts of the
host they are supposed to use).  Nor does it imply that they have access to
any confidential data, whether stored locally or remotely.  However, it
does imply that it is only the successful implementation of access controls
on the Digital systems on the ENET which can prevent such access.  All the
policies in the world don't mean a thing if the originating hosts don't
keep non-employees off of the net (whether by accident or malice), and any
node containing confidential information doesn't protect it adequately.

It is probably too far off the topic to drag in arbitrary system breakins,
so I'll just state that the penetration of the "no-network barrier" on
systems that are deliberate hosts for non-Digital folk is always possible.
I apologize if this assumption was like hiding an extra card up my sleeve.
				/AHM/THX
176.52Family access is a *threat* to DEC cultureMLOKAI::MACKa(2bWed Sep 17 1986 10:3039
>    However, it does imply that it is only the successful implementation of
>    access controls on the Digital systems on the ENET which can prevent
>    such access. 

    Ahem...
    
    It is sufficient security to put our "guards and cameras" at every
    entrance and exit.  If the nodes where the non-employees log into their
    QAR accounts are rendered safe, if employees don't let non-employees
    use their accounts except under *strict* supervision (i.e. no open
    windows), and if arbitrary system break-ins are treated as preventable
    but not controllable, then the whole net is *mostly* safe without
    limiting the unrestricted flow of data within the corporation. 

    However, non-employees who are members of employees families *do* some-
    times get access to the network. In general, children of DEC employees
    don't dig up DEC secrets, and if they do, they don't do anything with
    them.  They can, however, be very destructive on a lark. Wives,
    parents, siblings, and grown offspring are a different story; they are
    likely to have other conflicting interests. 
    
    There needs to be a balance between the free flow of information within
    the company and its protection from outside people.  DEC culture cannot
    survive unless information which cannot be available to outside people
    is available within DEC *without asking permission*.  Security checks
    simply take too much time.
    
    The better it is understood that families of employees are *not* to
    have access to the network, the more latitude there is for freedom of
    information within the network.  The more that people assume that
    family access to systems on the net is a right, the more everyone will
    have to protect the information they handle daily from the unseen
    outsider.  That means security checks, access control lists, the
    works.
    
    That is simply the nature of things.  For DEC culture to prosper, it
    must be limited to DEC. 
    
    							Ralph
176.53Excerpts from the policyHYDRA::ECKERTJerry EckertWed Sep 17 1986 12:0996
    re: .51
    
    The following is from Digital Information Systems Policies and
    Procedures No. 6.13, dated 11-Feb-1985:
    
    OBJECTIVE:
    
    [text omitted]
    
    The objective of this policy is, therefore, twofold:
    
    1.  To verify the business need.
    
    2.  To ensure that adequate controls are in place to:
    
    	a. Ensure the security of Digital's electronic information
    	b. Prevent any use of Digital's networks which could result
    	   in compromising the security of information stored on any
    	   external system.
    
    [text omitted]
    
    POLICY:
    
    1.  Computer systems within Digital, to which people who are not
    	Digital employees have access, can be connected to EASYNET or
    	other internal data network ONLY [sic] with the approval of
    	the parties listed below:
    
    	Area Telecommunications Manager (U.S., GIA, Europe)
    	DISMC member having jurisdiction over the application or
    		system(s) involved
    	Corporate Security
    	Law Department
    	Manager, Corporate Telecommunications
    	Others as may be required by the Corporate Telecommunications
    		Manager in certain cases
    
    2.  Computer systems within Digital which have DECnet, SNA, or X.25
    	links to other systems not owned by Digital and managed by Digital
    	personnel can be connected to our internal networks ONLY [sic]
    	with the approval of these same individuals.
    
    	Applications for any such connections must be accompanied by
    	a business justification, description of security measures
    	and audit plan, and names of the designated individuals who
    	will be held accountable for ensuring adequate information
    	protection and security.  A non-disclosure agreement will also
    	be required in some cases, at the discretion of the Law Department
    	and/or Corporate Security, particularly in cases where real
    	or potential access to sensitive corporate data is involved.
    
    3.  All existing connections or access privileges which fall into
    	the above two categories must also be assessed under the same
    	criteria.
    
    [text omitted]
    
    Corporate Telecommunications has the ultimate responsibility of
    removing any system from the network which does not conform with
    this policy and is judged to be placing the security of Digital's
    electronic information assets at undue risk.
    
    [text omitted]
    
    
    					Approved (Bel Cross)
    

    -------------------------------------------------------------------------
    
    I apologize for the omitted text; I don't have the time required
    to enter the entire document in at this time.  If anyone would like a
    photocopy, please send me mail.
    
    Basically, what all of this means is that the access controls which
    prevent undesired access to corporate data should be applied at
    the system level rather than the data level, unless further security
    is required by other policies.
    
    Alan is correct in stating that it is possible for the manager of
    a system to allow a non-employee to access the system.  This policy
    states that such access is not valid unless approved by the parties
    specified in this policy.  It is the responsibility of those parties
    to ensure that corporate data is protected either by appropriate
    access controls or by legal means (non-disclosure agreements).
    
    If anyone is aware of systems physically connected to EASYNET
    at the same time non-employees not approved as required by this
    policy are accessing the system, you should contact Corporate
    Security or Corporate Telecommunications.  I'm sure either group
    would rather follow up on a few possibly false leads than to risk
    our corporate data due to unauthorized access.
    
    	- Jerry
    
176.54Typer's cramp got ya?TLE::AMARTINAlan H. MartinWed Sep 17 1986 18:169
Re .53:

I'm sorry you had to type that in.  It wouldn't surprise me if that
document (not necessarily the same version) resides in the
HUMAN::SECURITY_POLICY conference (q.v.).

For the record, I had better state that I am not aware of any systems with
unauthorized customer accounts.
    				/AHM/THX
176.55ANCHOR""::NET$LIBRARY:OUTSIDE_CONNECT.POLICYMARVIN::COVERTJohn CovertWed Sep 17 1986 18:51290
-------------------------------------------------------------------------
|                                                      | No:   6.13     |
| D I G I T A L  I N F O R M A T I O N  S Y S T E M S  | Date: 11/2/85  |
|                                                      |                |
|     P O L I C I E S  &  P R O C E D U R E S          | Rev:  NEW      |
|                                                      | Page:  1 of 3  |
-------------------------------------------------------------------------
|          CONNECTION OF SYSTEMS NOT OWNED BY DIGITAL (AND DIGITAL-OWNED|
| Subject: SYSTEMS TO WHICH PEOPLE WHO ARE NOT DIGITAL EMPLOYEES HAVE   |
|          ACCESS) TO INTERNAL DATA NETWORKS                            |
_________________________________________________________________________

OBJECTIVE:

There is often strong business justification for applications which:

1.  Depend upon network links between computer systems within Digital
    and systems owned by vendors, customer's research institutions,
    etc., or

2.  Require terminal (or PC) access to computer systems on Digital
    premises by people who are not Digital employees.

The objective of this policy is, therefore, twofold:

1.  To verify the business need.

2.  To ensure that adequate controls are in place to:

    a.  Ensure the security of Digital's electronic information.
    b.  Prevent any use of Digital's networks which could result in
        compromising the security of information stored on any external
        system.

SCOPE:

    WORLDWIDE

DEFINITION:

For the purpose of this policy, workers on contract to Digital are con-
sidered Digital employees.

The following applies to both dialup and "hardwired" connections, and
"gateway" connections to external networks are also included.


POLICY:

1.  Computer systems within Digital, to which people who are not
    Digital employees have access, can be connected to EASYNET or other
    internal data network ONLY with the approval of the parties listed
    below:

    Area Telecommunications Manager (U.S., GIA, Europe)
    DISMC member having jurisdiction over the application or system(s)
       involved
    Corporate Security
    Law Department
    Manager, Corporate Telecommunications
    Others as may be required by the Corporate Telecommunications
    Manager in certain cases

2.  Computer systems within Digital which have DECnet, SNA, or X.25
    links to systems not owned by Digital and managed by Digital
    personnel can be connected to our internal networks ONLY with the
    approval of these same individuals.

    Applications for any such connections must be accompanied by a
    business justification, description of security measures and audit
    plan, and names of designated individuals who will be held account-
    able for ensuring adequate information protection and security.  A
    non-disclosure agreement will also be required in some cases, at
    the discretion of the Law Department and/or Corporate Security, 
    particularly in cases where real or potential access to sensitive
    corporate data is involved.

3.  All existing connections or access privileges which fall into the
    above two categories must also be assessed under the same criteria.

RESPONSIBILITIES:

Information Systems Managers must ensure compliance with this policy
within their organizations.


Internal Audit will periodically audit compliance according to the
audit plan submitted with the request.

Corporate Telecommunications is responsible for defining what consti-
tute "adequate security controls" and for identifying the tools and
techniques that are available for implementing such controls.

The requestor is responsible for obtaining the approval of the area 
Telecommunications Manager and DISMC member involved, and for then
forwarding the request to the Corporate Telecommunications Manager, who
will coordinate review by Corporate Security and the Law Department.

Corporate Telecommunications has the ultimate responsibility of remov-
ing any system from the network which does not conform with this policy
and is judged to be placing the security of Digital's electronic infor-
mation assets at undue risk.


RELATED POLICIES:

903-04:  Electronic Information Security
903-05:  Electronic Information Access
906.14:  Electronic Mail System Accounts for Those Who Are Not Digital
         Employees.
906.41:  Handling of Legally Regulated Information


          				Approved__________________________
                                            Signed by Bel Cross
                                            Corporate Manager, DIS            



			
		HOW TO SET UP CUSTOMER ACCOUNTS SECURELY
		----------------------------------------

			By Henry S. Teng

			Jan 10, 1985


Any systems or nodes that expect to set up accounts for outside customers 
on their systems should have SECURPACK installed and running. They should
also contact the Easynet Management Group before setting up the customer 
accounts and send a report to the Easynet Management Group on the actual
setup of these accounts afterwards. These systems are strongly urged to
upgrade to VAX/VMS V4.0 to take full advantage of V4.0 security features.

A system manager should take the following steps to make the customer
account secure and captive:

            o   Use an obscure password for any customer account and change
                the password frequently. Maintain a list of people who 
                are using the account. Changing passwords regularly will
                help you to keep the list current. Easily guessable
                account names/passwords such as GUEST/GUEST or USER/USER
                should not be used.


            o   Make sure that the customer account is in a group by
                itself. Also make sure that the customer account is 
                not in a "SYSTEM" group - usually less than 10 in 
                octal, but to be sure check on your system.
                To find out if the group UIC is unique, type the
                following command to AUTHORIZE:

                  UAF> SHOW [groupuic,*]

                This ensures that the customer account can access 
                only its own and world-accessible files.


            o   Have the default login command procedure sit
                in the directory SYS$MANAGER by issuing the 
                following command to AUTHORIZE:

                  UAF> MOD customer-account/LGICMD=
                   SYS$MANAGER:filename.COM


            o   Make the account captive by issuing the 
                following command to AUTHORIZE:

                  UAF> MOD customer-account/FLAGS=(DISCTLY,
                       DEFCLI, LOCKPWD, CAPTIVE)


            o   Limit the number of subprocesses that an
                account could create to 0. The reason is
                that MAIL in VMS V4.0 can spawn a command.
                The command to AUTHORIZE is:

                  UAF> MOD customer-account/PRCLM=0


            o   The customer account should only have the 
                privilege TMPMBX.


            o   Make sure that the default login command 
                procedure has the following commands to
                handle error conditions:

                  $ SET ON
                  $ SET NOCONTROL=Y
                  $ ON ERROR THEN LOGOUT/BRIEF


            o   If LOGOUT is defined as a global symbol and points
                to a command procedure (do a $ SHOW SYM LOGOUT to
                confirm), have the following command in the 
                account default login command procedure:

                  $ DELETE/SYMBOL/GLOBAL LOGOUT

                This will eliminate the possibility of breaking 
                the captive account at logout time by typing
                <CTRL>Y.


            o   To prevent an outsider from submitting a remote batch
                job under the customer account thus using your system
                resources, have the following command in the 
                account default login command procedure:

                  $ IF F$MODE().NES."INTERACTIVE" THEN LOGOUT/BRIEF

		Or set the /NOBATCH switch under V4.0 via AUTHORIZE.


            o   Make sure that the customer account's UIC has no more disk
                quota than needed.



            o   Do not use the INQUIRE command in any of the command
                procedures, because INQUIRE does an evaluation while
                taking in input. Use the following command instead:

                  $ READ/PROMPT="...." SYS$COMMAND ANSWER
                  $ IF F$LOCATE("F$", ANSWER) .NE. F$LENGTH(ANSWER) THEN LOGOUT
                  $ IF F$LOCATE("@", ANSWER) .NE. F$LENGTH(ANSWER) THEN LOGOUT
                  $ IF F$LOCATE("=", ANSWER) .NE. F$LENGTH(ANSWER) THEN LOGOUT

	
	    o   Use the automatic login facility provided in VMS V4.0 if
	        possible. The ALF facility assigns accounts to particular
	        terminals to enable an automatic login feature. This 
	        feature permits users to login without specifying a username.
	        The scheme reduces the possibility of a customer or an intruder
	        breaking into other accounts. For more information see ALF
		in Section 5.2.9 Using the Automatic Login Facility in the
		"GUIDE TO VAX/VMS SYSTEM SECURITY" for V4.0.

            o   Make sure that MAIL, PHONE, and FAL are not installed with
                NETMBX in SYS$MANAGER:VMSIMAGES.DAT on your current system
                and after any VMS update or upgrade.

            o   Make sure that there are proper routines to perform a security
                audit on the customer accounts daily. On a VMS V3.x system,
                the accounting utility will provide valuable information.
                On a VMS V4.x system, it is possible to provide detailed 
                information on all activities under the customer 
                account, if necessary, by setting /FLAG=AUDIT in AUTHORIZE.
                SECURPACK for V4.0 does capture and mail the information
                with other security activities when the /FLAG=AUDIT is set, 
                but a system manager is required to go over the report and 
                see if there is anything unusual.

            o   Have the following command in the default login command
                procedure to prevent a customer from submitting a batch job from 
                a MAIL-ONLY account:

                               $ DEFINE SYS$BATCH NL:
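
The steps above, pulled together into one captive login command procedure, as an added example that is not part of the original note or of Henry Teng's text. The account name CUSTQAR, the UIC [300,1], the file name SYS$MANAGER:CUSTOMER_LOGIN.COM and the two QAR images under SYS$SYSDEVICE:[QAR] are illustrative assumptions; the AUTHORIZE commands in the header comment are the ones the note describes, collected on one line. It differs from the note's fragments in two places: the input filter also rejects the apostrophe, which DCL uses for symbol substitution, and every failure path (error, warning, end of file on input, non-interactive mode) ends at a single exit label so the session always finishes with LOGOUT/BRIEF.

```dcl
$! SYS$MANAGER:CUSTOMER_LOGIN.COM -- captive login procedure for a customer account.
$! Added example; not the original note's or Henry Teng's code.
$! Assumes the account was created in AUTHORIZE roughly as follows
$! (account name, UIC and image paths are illustrative):
$!   UAF> ADD CUSTQAR /UIC=[300,1] /LGICMD=SYS$MANAGER:CUSTOMER_LOGIN -
$!        /FLAGS=(DISCTLY,DEFCLI,LOCKPWD,CAPTIVE) /PRCLM=0 /NOBATCH -
$!        /PRIVILEGES=(NOALL,TMPMBX) /DEFPRIVILEGES=(NOALL,TMPMBX)
$!
$ SET NOCONTROL=Y                  ! no Ctrl/Y escape to the DCL prompt
$ SET ON
$ ON ERROR THEN GOTO BYE           ! any failing command ends the session
$ ON WARNING THEN GOTO BYE
$ ON CONTROL_Y THEN GOTO BYE       ! covers the case where DISCTLY is ever cleared
$!
$! Refuse anything but an interactive terminal session (blocks remote batch jobs).
$ IF F$MODE() .NES. "INTERACTIVE" THEN GOTO BYE
$!
$! A global LOGOUT symbol could point at a procedure that is interruptible;
$! remove it so LOGOUT below is the real command.
$ IF F$TYPE(LOGOUT) .NES. "" THEN DELETE/SYMBOL/GLOBAL LOGOUT
$!
$! Make batch submission from inside this session fail.
$ DEFINE/NOLOG SYS$BATCH NL:
$!
$! Menu loop.  Input is taken with READ, never INQUIRE, and any lexical,
$! procedure, assignment or substitution metacharacter ends the session.
$ MENU:
$ WRITE SYS$OUTPUT ""
$ WRITE SYS$OUTPUT "  1  Submit a QAR"
$ WRITE SYS$OUTPUT "  2  List your QARs"
$ WRITE SYS$OUTPUT "  3  Log out"
$ READ/PROMPT="Choice: "/END_OF_FILE=BYE/ERROR=BYE SYS$COMMAND ANSWER
$ ANSWER = F$EDIT(ANSWER, "TRIM,UPCASE")
$ IF F$LOCATE("F$", ANSWER) .NE. F$LENGTH(ANSWER) THEN GOTO BYE
$ IF F$LOCATE("@", ANSWER)  .NE. F$LENGTH(ANSWER) THEN GOTO BYE
$ IF F$LOCATE("=", ANSWER)  .NE. F$LENGTH(ANSWER) THEN GOTO BYE
$ IF F$LOCATE("'", ANSWER)  .NE. F$LENGTH(ANSWER) THEN GOTO BYE
$ IF ANSWER .EQS. "1" THEN RUN SYS$SYSDEVICE:[QAR]SUBMIT_QAR.EXE
$ IF ANSWER .EQS. "2" THEN RUN SYS$SYSDEVICE:[QAR]LIST_QAR.EXE
$ IF ANSWER .EQS. "3" THEN GOTO BYE
$ GOTO MENU                        ! anything else just redraws the menu
$!
$ BYE:
$ LOGOUT/BRIEF
```

The procedure only works as a fence if the account really is CAPTIVE with DISCTLY set and PRCLM=0, since otherwise a SPAWN from MAIL or a Ctrl/Y at the right moment still reaches an unrestricted DCL prompt; the UAF settings in the header comment and the procedure belong together.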


176.56NYMGR::BARRESIWho said this is CHEAP!!Thu Sep 18 1986 09:306
    Ya I'm all for giving accounts to a family member. Being in Branch
    support at least I'd be able to use somebody's account...
    
    
    Joe Craparotta
    
176.57The official positionVMSDEV::SZETOSimon SzetoThu Sep 18 1986 16:0235
From:	EASYNT::MCCAULEY     "Bob McCauley VRO5-1/X2 273-3063" 18-SEP-1986 14:02
To:	VMSDEV::SZETO,MCCAULEY    
Subj:	RE: Access to Easynet

Simon,

I think your understanding is correct.  The network and the computers that
connect to it are there for business purposes.  In limited cases, where there
is a legitimate business need, we do allow accounts for non-DEC employees, but
that is subject to DIS Policy #6.13 and/or 6.14, and a very specific process.
In general, when an external connection or account is approved under those
policies, it is set up with safeguards to TRY to prevent misuse (e.g. tied
DECmail accounts, x.25 connections using PSI security controls, non-disclosure
agreements, etc.).

I think there is a draft policy under review (copies have appeared in a couple
of conferences several months ago) that speaks more specifically to the
use/abuse of computer and network resources (e.g. accounts are for employee's
use, not for spouses and children of employees), but as far as I know that
hasn't been approved yet.

As other replies noted, part of the problem is that our systems don't provide
all of the security controls that are needed.  VMS has good security features
IF someone takes the time to USE them, but with 12,000 nodes on EASYnet, only
7000 or so are VMS systems, and there are way too many that aren't set up
properly, or aren't monitored with regard to security.  Of course, security
is more important on some systems than others, but there are way too many
vulnerable systems.

I will try to get a chance to post a reply myself, unless you wish to post
this mail message.

Regards.
Bob McCauley 
DIS/DT-EASYnet Program Manager