19-Oct-84 09:39:54-PDT,11925;000000000001
Return-Path:
Received: FROM SRI-NIC.ARPA BY USC-ISIF.ARPA WITH TCP ; 18 Oct 84 19:16:54 PDT
Date: Wed 17 Oct 84 09:48:33-PDT
From: DDN Reference
Subject: DDN NEWS
To: DDN-NEWS: ;
cc: nic@SRI-NIC.ARPA

======================================================================
DDN NEWS 36                                   NETWORK INFO CENTER for
17 Oct 1984                               DCA DDN Program Mgmt Office
                                                     NIC@SRI-NIC.ARPA
                                                         415-859-3695

                   DEFENSE DATA NETWORK NEWSLETTER

[Maximum Distribution Requested. The DDN NEWSLETTER is distributed
by the Network Information Center under DCA contract. Back issues
may be obtained by FTP from the directory at SRI-NIC
[26.0.0.73 and 10.0.0.51].
======================================================================

                               TOPICS

   1. GUIDELINES FOR DDN TAC MANAGEMENT TO BE ANNOUNCED SOON
   2. ARPANET TAC ACCESS CONTROL SYSTEM IS COMING
   3. TAC STANDARDIZATION UNDER WAY
   4. DDN USER ASSISTANCE AVAILABLE FROM THE NIC
   5. DDN DIRECTORY NOW BEING MAILED

----------------------------------------------------------------------

GUIDELINES FOR DDN TAC MANAGEMENT TO BE ANNOUNCED SOON
------------------------------------------------------

Procedures to provide for configuration management of the DDN
Terminal Access Controllers (TACs), as well as to identify and justify
the current connections to the TACs will be issued as a DDN Management
Bulletin. These procedures will also be released via AUTODIN message
to the MILDEPS and Service O&M commands. The procedures will encompass
TAC port allocation and management, processing requests for
termination on a DDN TAC, validation of existing full period service,
planned common user dial-access expansion, and publication of TAC
dial-up phone numbers. Further, implementation of these procedures
will eliminate the Quarterly Inventory Report previously submitted by
the Node Site Coordinators.

ARPANET TAC ACCESS CONTROL SYSTEM IS COMING
-------------------------------------------

Over the next several months, a system will be put into operation to
authenticate each user who attempts to access the ARPANET via a
Terminal Access Controller (TAC). This is a separate system from the
MILNET TACACS already in use to control access to the DDN through
MILNET TACs. The new ARPANET TACACS system will affect only ARPANET
TACs (which currently have no access control) and the UCL-TAC in
London. Details of this new ARPANET TACACS system will be announced in
future newsletters and Management Bulletins.

The MILNET and ARPANET access control systems have a similar function,
namely to restrict DDN access via TACs to authorized users, but are
implemented differently. In the current MILNET TACACS, identification
of authorized users is provided by the Host Administrators, and all
users must be registered and given TAC Access cards by the DDN Network
Information Center. In the new ARPANET system, a capability for
registering authorized users will be provided to a "responsible
person" in each government and contractor organization whose members
need to use ARPANET TACs.

Information about authorized users will be kept in a user database. A
"user database tool" has been developed which the responsible persons
in various organizations will use to add, delete, and change
identifying information on authorized TAC users. The database tool
resides on an ARPANET host and can be accessed by authorized persons
over the network.

Periodically, the user database information will be sent in a compiled
form to each of several "login hosts" on the ARPANET. When a user on a
TAC port tries to open a connection, he or she will be prompted for a
name and password. The TAC will then interact with one of the login
hosts to validate the given name and password. Each TAC will contain a
list of all login hosts and, if one is down, the TAC will
automatically try another.
If the name/password pair is invalid, according to the login host, the
TAC will give the user an error message and refuse to open the
connection. Thus, access will be limited to users who have been
entered into the user database by the responsible person of their
organization.

In addition to information about authorized users, the user database
also contains records identifying organizations and their responsible
persons. The organizations are arranged in a hierarchical structure,
with DCA, due to its responsibility for operational management of the
ARPANET, as the root organization at level zero. DARPA and other
government organizations will be at level one and will be responsible
for creating the next level. For example, IPTO will be an organization
at level two (below DARPA). Below IPTO will be contractor
organizations whose members need ARPANET access to support efforts
performed for DARPA/IPTO. In each case, both user and organization
records can only be created below a given organization by someone
authorized to "act as" the organization. The responsible person can
always act as the organization, and can also grant to another user
permission to act as the organization. Thus, the responsible person
can assign to a subordinate the job of actually manipulating the user
database tool.

The process is now under way of identifying responsible persons for
organizations which use ARPANET, and sending them documentation on the
user database tool. Soon after receiving this documentation, the
responsible persons will begin entering authorized users into the user
database. If you are an ARPANET TAC user, you should expect to be
contacted by someone in your organization with a username and password
prior to full activation of the access control system.

A trial period will begin shortly, during which access control will
operate using a universal username and password announced in the TAC
herald.
Before the end of this trial period, adequate notice will be given in
the herald that individual passwords will soon be required. This will
give users who have not been contacted time to track down the
responsible person in their organization to obtain a username and
password.

TAC STANDARDIZATION UNDER WAY
-----------------------------

1. Background. Most of the active TACs on the MILNET and ARPANET have
   been in place over one year and, despite the recent completion of
   the project to replace all Honeywell TACs with C/30s, the back
   planes are not arranged according to a standard. Also, many
   dedicated users are unknown to the DDN PMO.

2. Objective. To standardize the physical back plane such that the 64
   ports on the 8 fantail sections increase from 00-07 at lower left,
   10-17 at lower right, through 70-77 at upper right. That way the
   physical and logical ports will be identical. Where possible, ports
   0-17 and 70-77 (octal) will be reserved for dedicated terminal
   connections, ports 20-47 for dial-up connections, and 50-67 for
   extra dedicated or dial-up as necessary. Also, to remove
   unauthorized user connections from all TACs.

3. Approach. The process will be handled by BBNCC Field Service under
   installation work orders from DCA/B647 as follows:

   a. The Installation Coordinator for B647 will obtain the latest TAC
      Inventory Report on file at the NIC, and verify/update with the
      Node Site Coordinator (NSC) by phone or electronic mail.

   b. The TAC Inventory Report will be forwarded to BBNCC under work
      order to provide the basis for scoping the job.

   c. When all is ready, BBNCC's Field Engineer (FE) will visit the
      site on a prearranged date to accomplish phase 1 of TAC
      standardization. This includes reconfiguring the TAC back plane
      as described in paragraph 2 above. The TAC will be off the air
      for a few hours at the most. Users will be notified in advance
      by a TAC herald.
      The FE, with NSC assistance, will update the TAC Inventory
      Report to reflect current physical/logical port correlated to
      type connection (dedicated, dial-up) and for all connections,
      the user/phone/address will be recorded/checked against NSC
      files.

   d. The completed TAC Inventory Report will be forwarded to the DDN
      PMO. The PMO will decide which, if any, connections are to then
      be reconnected to new specific ports to conform to the scheme in
      paragraph 2, above. Any dedicated connection for which no user
      name/phone/address can be found will be designated for
      disconnection.

   e. BBNCC's FE will return later to the site to execute the PMO's
      decision per a second work order. Again, this visit will be
      precoordinated and announced by TAC herald.

DDN USER ASSISTANCE AVAILABLE FROM THE NIC
------------------------------------------

DCA has established an 800 toll-free number, 1-800-235-3155, at the
DDN Network Information Center (NIC), in Menlo Park, California, to
provide user assistance to DDN users. Users who experience problems
with using the network in general, and with terminal-to-TAC use, in
particular, are encouraged to make use of this service. User
assistance is available Monday through Friday, 8 am to 5 pm Pacific
time. Users who experience network problems outside these hours should
call the Network Monitoring Center in Cambridge, Massachusetts,
(617) 661-0100.

In addition to the 'hotline' service, the NIC provides online user
assistance via electronic mail to NIC@SRI-NIC.ARPA. The NIC also makes
many online files available to users, such as protocols and host
files, RFCs, IENs, and the TCP/IP Implementations and Vendors Guide.
It provides the WHOIS/NICNAM service, which is essentially an
"electronic white-pages" server for MILNET/ARPANET. A List-of-Lists of
network special interest groups (SIGs) is also available, as are the
archives for many of these groups.

Other NIC activities include:

   1. Registering authorized MILNET users in the NIC database and
      issuing them TAC access cards.

   2. Assisting users in identifying and obtaining DoD protocols,
      RFCs, and other related network documents.

   3. Maintaining and updating online databases, files and server
      programs to assist users in obtaining information needed to use
      the network effectively.

   4. Serving as network Hostmaster and providing network naming and
      addressing server.

   5. Producing hardcopy documents such as the DDN Directory, DoD
      Protocol Handbook, and the New User's Guide.

   6. Serving as a network repository for protocols and related
      information.

DDN DIRECTORY NOW BEING MAILED
------------------------------

The 1984 DDN Directory is in the process of being mailed to many DDN
users. This year the DDN Directory will be available for purchase to
all non-DoD MILNET users (corporations, contractors, etc.) for a fee
of $12 per copy, to cover the costs of reproduction and handling.
Military personnel listed in the NIC WHOIS database at the time of
publication will receive a complimentary copy, as will the Liaison,
Host Administrators, and Node Site Coordinators. A portion of the
books will be provided for distribution to DARPA's ARPANET users now
listed in the NIC database. Anyone not included in the initial
distribution can obtain a copy by sending a check for $12 to the
Network Information Center, SRI International, 333 Ravenswood Avenue,
Menlo Park, CA, 94025. The book will also be deposited at the Defense
Technical Information Center (DTIC).
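
The ARPANET TAC access control design described in the second item above (the "act as" rule for creating records, and a TAC trying its login hosts in turn), modelled as an added Python example; it is not code from the newsletter or from the TACACS implementation. All class and function names are hypothetical, and three points the newsletter leaves open are assumptions: passwords are stored as salted PBKDF2 keys, only the responsible person may delegate, and a TAC that can reach no login host refuses the connection.

```python
import hashlib, hmac, os

def _kdf(password, salt):  # assumption: the page does not say how passwords are stored
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Org:
    def __init__(self, name, responsible, parent=None):
        self.name, self.responsible = name, responsible
        self.level = 0 if parent is None else parent.level + 1
        self.delegates = set()  # users granted permission to "act as" this org

    def check(self, actor):
        if actor != self.responsible and actor not in self.delegates:
            raise PermissionError(f"{actor} cannot act as {self.name}")

    def grant(self, actor, delegate):
        # Assumption: only the responsible person may delegate, not a delegate.
        if actor != self.responsible:
            raise PermissionError(f"{actor} is not responsible for {self.name}")
        self.delegates.add(delegate)

    def add_org(self, actor, name, responsible):
        self.check(actor)  # records are created only below an org the actor acts as
        return Org(name, responsible, parent=self)

    def add_user(self, actor, db, username, password):
        self.check(actor)
        salt = os.urandom(16)
        db[username] = (salt, _kdf(password, salt))

class LoginHost:
    def __init__(self, compiled, up=True):
        self.table, self.up = dict(compiled), up  # periodic compiled snapshot

    def validate(self, name, password):
        if not self.up:
            raise ConnectionError("login host down")
        salt, key = self.table.get(name, (b"", b""))
        return hmac.compare_digest(key, _kdf(password, salt))

def tac_open(login_hosts, name, password):
    for host in login_hosts:  # the TAC holds a list of all login hosts
        try:
            return host.validate(name, password)  # a definite answer is final
        except ConnectionError:
            continue  # host down: try the next one
    return False  # assumption: no login host reachable means refuse
```

Only a host that is down causes a retry; an "invalid" verdict from a reachable host ends the attempt, so a user added after a host's last compiled snapshot is refused there until the next distribution.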