× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. BPCS-L
  3. January 2001

Re: BPCS Security (was AS/SET Repository Installation 6.1.0)

  • Subject: Re: BPCS Security (was AS/SET Repository Installation 6.1.0)
  • From: MacWheel99@xxxxxxx
  • Date: Wed, 31 Jan 2001 12:45:14 EST
 
Is it possible to share some outlines of Security Policies that work for 
various versions of BPCS without spelling out for the bad guys what risks 
they can exploit with companies not with these policies?

Our budget is for doing the best job we can for the company with a minimum of 
additional expenditures to the computer infrastructure.

Our policy starts with the notion that we TRUST our employees, and we trust 
the personnel of companies with which we have trading partner agreements, 
what we do not trust is if & when we connect anything to dial in or internet 
for connection by any random unknown persons, thus we need security for 
outside world connections to our system that we do not need for our internal 
staff.  

This is one reason why I have been asking my management to put LANSA Smart 
Web for BPCS all versions on our budget for the future.  It makes for secure 
internet connection to BPCS as far as I am concerned, so that down the road 
we can have our customers connect to our information about them, using any 
browser, and drill down factory work by customer to see how we are doing on 
parts in production that is specific to that customer.

I believe that there are times it makes sense to piecemeal add useful stuff 
for users & trading partners, but internet security is not one of those 
scenarios.

If I was a betting man, the only security risk I would expect from co-workers 
is theft of information if someone was about to leave our employ to go work 
for a competitor.

However no computer is an island in our dangerous world.

The most frequent known attempts at breaches, of which we have foiled so far, 
have been from work stations unattended, such as in unlocked offices during 
lunch time, or exposed due to different work shifts, or sitting very close to 
entrances & exits from the building.  In other words, we do know that 
unauthorized people try to get into our system, using whatever doors there 
are into it.

Now while we do have security for our internal staff, it is more for 
productivity purposes than suspicion purposes ... a person who only needs a 
limited number of menu options, can be given a menu with everything they 
need, organized according to their job function.  We want to help trainees, 
learning some areas that are new to them, avoid accidentally deleting 
something, messing up contents of files, or messing up layout of files.  
Internal security is to maintain data integrity & help our work force become 
more productive.

We have people connected to our BPCS 405 CD mixed mode via twinax, 5250 
emulation, client access, and remote VPN ethernet emulating a local 
workstation controller.

CA can get into 400 data without a 400 sign on or password.

What are the risks?
Without spelling out a road map to hackers.

We have defined a secondary group of power users category system helpers ... 
they help their less skilled co-workers.  Our system helpers have been 
granted job control so that they can get into messed up stuff & attempt 
repairs.

However, only the people who have been told the password for security officer 
have also been granted hardware configuration authority.

For example, we permit people within a department to access each other's 
reports.  We accomplish this by giving spool job authority to the BPCS user 
group that everyone is in.  
This means that once in a blue moon person-A accidentally deletes person-B 
report(s). that person-B did not want deleted ... also I am making judgement 
calls every week to delete hundreds of audit trails that are weeks old.
We know an accident happens because the end user sends a message ... oops I 
did this, what do we do now?

Can the kinds of miskeying oops that might occur via a CA user do more damage?
Are there risks that someone who is not a hot shot PC user might mess 
something up & not know that they did so, so that we do not get the oops 
message?
How do I know something just went out my barn door so I can recover it from a 
recent backup?

MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
AS/400 Data Manager & Programmer for BPCS 405 CD Rel-02 mixed mode (twinax 
interactive & batch) @ http://www.cen-elec.com Central Industries of 
Indiana--->Quality manufacturer of wire harnesses and electrical 
sub-assemblies - fax # 812-424-6838

>  From:    Rob.Angermann@YAMAHA-MOTOR.NL (Rob Angermann)
>  
>  Nathan,
>  
>  Perhaps we should discuss the security policy which we have to apply, now 
we
>  work with BPCS.
>  Let us discuss soon.
>  Rob
+---
| This is the BPCS Users Mailing List!
| To submit a new message, send your mail to BPCS-L@midrange.com.
| To subscribe to this list send email to BPCS-L-SUB@midrange.com.
| To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
| Questions should be directed to the list owner: dasmussen@aol.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.