s-o-1036 June 1994

11.1. Leakage

The most obvious form of security problem with news is
"leakage" of articles which are intended to have only
restricted circulation.  The flooding algorithm is EXTREMELY
good at finding any path by which articles can leave a
subnet with supposedly-restrictive boundaries.  Substantial
administrative effort is required to ensure that local
newsgroups remain local, unless connections to the outside
world are tightly restricted.

A related problem is that the sendme control message can be
used to ask for any article by its message ID.  The
usefulness of this has declined as message-ID generation
algorithms have become less predictable, but it remains a
potential problem for "secure" newsgroups.  Hosts with such
newsgroups may wish to disable the sendme control message
entirely.

The sendsys, version, and whogets control messages also
allow "outsiders" to request information from "inside",
which may reveal details of internal topology (etc.) that
are considered confidential.  (Note that at least limited
openness about such matters may be a condition of membership
in such networks, e.g. Usenet.)

Organizations wishing to control these forms of leakage are
strongly advised to designate a small number of "official
gateway" hosts to handle all news exchange with the outside
world, so that a bounded amount of administrative effort is
needed to control propagation and eliminate problems.
Attempts to keep news out entirely, by refusing to support
an official gateway, typically result in large numbers of
unofficial partial gateways appearing over time.  Such a
configuration is much more difficult to troubleshoot.
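
The two checks an official gateway would apply, as an added
example (not part of the draft or of any news software): it
assumes a hypothetical local-only hierarchy "corp.", a
constructed list of inside peers, and that the transport
tells the gateway which neighbor an article came from or is
going to.

```python
from email.parser import HeaderParser

# Assumed site policy; every name below is constructed for illustration.
LOCAL_HIERARCHIES = ("corp.",)
INTERNAL_PEERS = {"news1.corp.example", "news2.corp.example"}
# The control messages this section names as ways to pull articles or
# topology details out of a restricted subnet.
INFO_REQUEST_VERBS = {"sendme", "sendsys", "version", "whogets"}

def _header(raw_article, name):
    # HeaderParser matches names case-insensitively and keeps folded lines.
    return HeaderParser().parsestr(raw_article)[name] or ""

def may_send_out(raw_article, to_peer):
    """Outbound: never hand a local-group article to an outside peer."""
    if to_peer in INTERNAL_PEERS:
        return True
    groups = [g.strip().lower()
              for g in _header(raw_article, "Newsgroups").split(",")]
    groups = [g for g in groups if g]
    if not groups:
        return False  # fail closed when the header is missing or empty
    # A crosspost to even one local group keeps the whole article inside.
    return not any(g.startswith(LOCAL_HIERARCHIES) for g in groups)

def control_decision(raw_article, from_peer):
    """Inbound: information requests are honored only from inside peers."""
    words = _header(raw_article, "Control").split()
    if not words:
        return "not-control"
    if words[0].lower() in INFO_REQUEST_VERBS and from_peer not in INTERNAL_PEERS:
        return "ignore"
    return "honor"

# Constructed sample articles.
SAMPLE_LOCAL = ("Newsgroups: corp.plans,\n misc.test\n"
                "Message-ID: <1@news1.corp.example>\n"
                "Subject: constructed sample\n\nbody\n")
SAMPLE_SENDSYS = ("Newsgroups: misc.test\n"
                  "Control: sendsys\n"
                  "Message-ID: <2@outside.example>\n\n")

if __name__ == "__main__":
    print(may_send_out(SAMPLE_LOCAL, "feed.outside.example"))
    print(control_decision(SAMPLE_SENDSYS, "feed.outside.example"))
```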

A somewhat-related problem is the possibility of proprietary
material being disclosed unintentionally by a poster who
does not realize how far his words will propagate, either
from sheer misunderstanding or because of errors made (by
human or software) in followup preparation.  There is little
that can be done about this except education.



Documents were processed to this format by Forrest J. Cavalier III