IRC and Security

Scott Holt scott at prism.gatech.EDU
Mon Mar 18 04:31:59 AEST 1991 

There are a number of pluses and minuses concerning IRC - however,
the so-called security problems it causes are problems it has in
common with any communications medium. I don't think you will find
any medium which has not been used for some criminal purpose at some
time in its existance. 

The problems I have with IRC have nothing to do with security, but
the resources it takes. It has been mentioned that IRC is not a 
heavy load on resources - to that my reply is b------t. It may be 
a minor drain on network facilities, but it is a serious drain on other
resources. 

In particular, its a drain on the number of seats availble for people 
to do work on the systems that run IRC clients. It has gotten to the
point where I can log into our main time-sharing resource at just about
any given time of day and find 5-10 of the terminal ports consumed
by people using IRC or something very much like it. This goes on at
times when people trying to get a connection from our terminal server
network get denied access because no ports are available. I hate
to think how many workstation seats are used up with this stuff while
others are waiting - what are we supposed to do, walk around an look
over everyones'shoulders?

Ok, so why do we not restrict acces to IRC clients on our system?
Well, IRC client source is available from a number of places -
in fact, we don't support IRC at all, a user found the source, installed
it on his account and made it available to the rest of our users.
I have a feeling that if we took it away from that user (which would
open a whole new can of worms), it would simply reappear somewhere -
etc,etc,etc...The folks who manage our systems have better things to
do with their time.

I think the only way to keep IRC and similar facilities from becoming
more trouble than they are worth is for the folks to manage the relays
to take more responsibility. For example, if some site administrators
do not want people using IRC, then they should be able to have the
relay operators configure the relay to deny access to their sites.

Things like this are nice, and I will admit that they have potential 
value. However, the people who use them and support them have to put 
their use in perspective. At an institute such as ours, there are 
priorities that become painfully obvious when resources are limited.

-Scott

Disclaimer: these opinions are mine and may not represent those of
my employer.
-- 
This is my signature. There are many like it, but this one is mine.
Scott Holt                 		Internet: scott at prism.gatech.edu
Georgia Tech 				UUCP: ..!gatech!prism!scott
Office of Information Technology, Technical Services

More information about the Comp.unix.admin mailing list