
Shalom -

For simplicity I'll concede every one of your points.  Now please
explain to me why these are iSeries vulnerabilities rather than FTP or
LDAP vulnerabilities. 

Regards,
 
Scott Ingvaldson
iSeries System Administrator
GuideOne Insurance Group

-----Original Message-----
date: 17 May 2005 14:30:30 -0000
from: shalom@xxxxxxxxxx
subject: RE: iSeries FTP security

Exploits and vulnerabilities are not necessarily
based on buffer overflows and root access. 

Imagine that your application is a secure government building.
The people working in the building are the application users.

Each data file is in a tagged folder that can be declared
public, confidential, secret, or top-secret.

Jane works in the building and can view confidential
and secret files (based on the object authority).

Jane's record holds the list of confidential files 
that she is allowed to take out. 

The security policy is that public files can be taken out, 
confidential files must be matched with the user's record 
to see if they can be taken out, secret and top-secret files
must not be removed from the premises.

If Jane takes a secret file, places it inside a confidential folder 
that she is allowed to take out, and manages to exit without
being stopped by the security guard (the ftp exit program), 
then we have a security vulnerability. 

The security guard should have verified that the folder matches its
contents.

Shalom Carmel
-------------
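As an added illustration, not code from either message in this thread, the analogy above modelled in Python: a guard that trusts only the folder's tag beside one that verifies the folder matches its contents. The classes, user record, folder names and sample files are all constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed classification ladder, lowest first.
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top-secret": 3}

@dataclass(frozen=True)
class File:
    name: str
    classification: str

@dataclass
class Folder:
    name: str
    tag: str                         # the label on the outside of the folder
    files: list = field(default_factory=list)

@dataclass
class UserRecord:
    name: str
    allowed_confidential: frozenset  # confidential items the user may take out

def may_leave(name, classification, user):
    """The policy stated in the message, applied to one labelled item."""
    if classification == "public":
        return True
    if classification == "confidential":
        return name in user.allowed_confidential
    return False                     # secret and top-secret never leave

def weak_guard(folder, user):
    """Checks the tag on the folder and never looks inside (the flaw)."""
    return may_leave(folder.name, folder.tag, user)

def strict_guard(folder, user):
    """Verifies the folder matches its contents, then checks every file."""
    if not may_leave(folder.name, folder.tag, user):
        return False
    for f in folder.files:
        if LEVELS[f.classification] > LEVELS[folder.tag]:
            return False             # mislabelled: a file outranks the tag
        if not may_leave(f.name, f.classification, user):
            return False
    return True

# Constructed scenario: Jane's record lets her take out the "budget" folder.
JANE = UserRecord("jane", frozenset({"budget", "budget.xls"}))
CLEAN = Folder("budget", "confidential", [File("budget.xls", "confidential")])
SMUGGLED = Folder("budget", "confidential",
                  [File("budget.xls", "confidential"), File("merger.doc", "secret")])

if __name__ == "__main__":
    print(weak_guard(SMUGGLED, JANE), strict_guard(SMUGGLED, JANE))  # True False
```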

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.