|
GLAD I/we could help Bryan !!! Chuck Bryan Burns wrote: > Thanks Chuck and Jim, due to your advice I have set QAUTOVRT to zero. > > (By the way Chuck, we have four vd* devd: two type 3196, and two type 3197. >Till you pointed it out, I was not aware what these were for). > > -----Original Message----- > From: Chuck Lewis [SMTP:clewis@iquest.net] > Sent: Wednesday, October 18, 2000 12:25 PM > To: MIDRANGE-L@midrange.com > Subject: Re: Okay to change QAUTOVRT to zero? > Importance: High > > ONE caveat to this... > > At my last job (2 1/2 years ago and running on V3R7) using Client Access to >connect > PC's, with QAUTOVRT set to 0, the system would STILL create these devices !!! > > So do a test and make SURE you are OK ! > > I just did that on our box (V4R1) connecting via TCP/IP and running Synapse >Netwolf > and it does NOT work (i.e. no device created and CPF87D7 (Cannot automatically > select virtual device.) message logged to QSYSOPR. > > Chuck > > Jim Langston wrote: > > > QAUTOVRT and security. > > > > It should be fine to change your QAUTOVRT to 0, since any needed devices > > by this time should already be created. They do not disappear after being > > created but hang around until you delete them manually, they are reused. > > > > So what's the big deal then? > > > > Say you have some hacker trying to access your system. He gets to your > > system either through dial in or telnet or similar methods. He tries to > > log into your system by guessing user names and passwords. Now, if you > > have your security set up correctly, when the system disables a user > > profile it will also disable the device. With QAUTOVRT set to 0 (do not > > create) once the hacker reaches the last usable device he will no longer > > be able to get a sign on. So you thwarted his attempts. > > > > But, with QAUTOVRT set to 1 (auto create) the hacker can try as often as > > he likes, because even though the virtual devices are becoming disabled, he > > just starts a new connection and a new one is created. > > > > The way to use QAUTOVRT with security in mind is to initially turn it on and > > allow a number of devices to be created. After enough auto devices get >created > > you turn it off. You now have enough virtual devices for everyone to get >onto > > your system that needs too, but no more will be created when someone comes >along > > and starts disabling them trying to hack into your system. > > > > Regards, > > > > Jim Langston > > > > Date: Tue, 17 Oct 2000 16:47:49 EDT > > From: MacWheel99@aol.com > > Subject: Re: Okay to change QAUTOVRT to zero? > > > > There are a couple issues here. > > > > Someone made a security review & suggested something to improve security. > > Bryan Burns asked what the implications of the adjustment might be. > > Al Mac asked what impact this might have on AUTHORIZED DIAL IN. > > Chuck Lewis implied that it might not interfere with ANY dial in. > > Which means that the original security reviewer missed something ... if a > > port or line is left open for the purpose of an AUTHORIZED dial in, or pass > > thru, then an intruder might also use that access. > > So what has been accomplished by adjusting QAUTOVRT from perspective of the > > security goals? > > Or am I off in left field ... QAUTOVRT is not FOR security of dial in, but > > for security of LAN attachments? > > > > Alister William Macintyre > > Computer Data Janitor etc. of BPCS 405 CD Rel-02 on 400 model 170 OS4 V4R3 > > (forerunner to IBM e-Server i-Series 400) @ http://www.cen-elec.com Central > > Industries of Indiana--->Quality manufacturer of wire harnesses and > > electrical sub-assemblies > > +--- > > | This is the Midrange System Mailing List! > > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > > | Questions should be directed to the list owner/operator: >david@midrange.com > > +--- > > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: david@midrange.com > +--- > > +--- > | This is the Midrange System Mailing List! > | To submit a new message, send your mail to MIDRANGE-L@midrange.com. > | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. > | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. > | Questions should be directed to the list owner/operator: david@midrange.com > +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
