× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2005

Re: iSeries FTP security

I also agree, but some of us have to work with the systems, tools &
resources handed to us.
I have ftp running on a small i5 and pickup critical data from various non
iSeries systems each evening. The exit programs (mine are homegrown via
Redbook samples) was "added protection" but i never implied to management
this system is bulletproof. We've had an annual discussion of
threat vs $$ and so far they have not funded a project to move to a more
locked down system design based on authority. Also have no disaster recovery
except for offsite tapes - again a management decision. So for this
customer, the ftp exit does raise the security level to a certain degree.
It's all relative. The discussion about canonicalization has been
informative. I do think our group needs a rational discussion of common
sense things we need to be aware of for the many systems as they are now,
with that goal of tight object authority always kept in mind. There has to
be something between our current understanding, and flame throwing on
bugtrac.
jim
----- Original Message ----- 
From: "Dave Odom" <Dave.Odom@xxxxxxxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, May 18, 2005 2:04 PM
Subject: iSeries FTP security


> Patrick,
>
> You wrote:
>
> >>These are NOT vulnerabilities of FTP.  They are vulnerabilities that
> arise
> from not managing object access control like you have to do on other
> systems.  This is my point. All this talk of FTP and exit point
> programs
> totally misses the real issue people need to deal with...object access
> control is required in a network environment. <<
>
> I totally agree the problem is in properly securing the base objects.
> It is unfortunate that many iSeries shops treat security and therefore
> data integrity with such disregard.   This was recognized as a problem
> and stopped in the '60/early 70's on mainframes, but that environment
> has always been more mature in most all aspects of systems management.
>
>
> I'm curious where the microsystems and Unix-flavored shops are in data
> integrity and security maturity.   I suspect the microsystems shops are
> the worst.
>
> Take care,
>
> Dave Odom
> Arizona

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.