  • Subject: Re: BPCS Security (was AS/SET Repository Installation 6.1.0)
  • From: "Genyphyr Novak" <novakg@xxxxxxxx>
  • Date: Wed, 31 Jan 2001 14:13:03 -0600

Hello,

I suggest that for V6.x users interested in improving the basic security of
BPCS (data file security) on the AS/400, to obtain BMR 51582, along with a
related (and very long) README. Ensure that you have the README as it
includes the required steps to activate the BMR!!

Related co-requisite BMRs are 39659 (complete, reference included security
BMR 56678) and 57230 (accepted, in process, workaround is simple until this
is ready).

Together with changes on the system administrator side about how user
profiles, observable BPCS programs and BPCS data files are set up on the
AS/400, this change in approach to database security in BPCS does protect
your data to a much greater degree than possible under the old security
model which the product was shipped with.

It prevents access to BPCS data files from all (or specified) users unless
they are inside the BPCS software, using BPCS programs to update the data.

Thanks

Genyphyr Novak
SSA GT


----- Original Message -----
From: <MacWheel99@aol.com>
To: <BPCS-L@midrange.com>
Sent: Wednesday, January 31, 2001 11:45 AM
Subject: Re: BPCS Security (was AS/SET Repository Installation 6.1.0)


> Is it possible to share some outlines of Security Policies that work for
> various versions of BPCS without spelling out for the bad guys what risks
> they can exploit with companies not with these policies?
>
> Our budget is for doing the best job we can for the company with a minimum of
> additional expenditures to the computer infrastructure.
>
> Our policy starts with the notion that we TRUST our employees, and we trust
> the personnel of companies with which we have trading partner agreements,
> what we do not trust is if & when we connect anything to dial in or internet
> for connection by any random unknown persons, thus we need security for
> outside world connections to our system that we do not need for our internal
> staff.
>
> This is one reason why I have been asking my management to put LANSA Smart
> Web for BPCS all versions on our budget for the future.  It makes for secure
> internet connection to BPCS as far as I am concerned, so that down the road
> we can have our customers connect to our information about them, using any
> browser, and drill down factory work by customer to see how we are doing on
> parts in production that is specific to that customer.
>
> I believe that there are times it makes sense to piecemeal add useful stuff
> for users & trading partners, but internet security is not one of those
> scenarios.
>
> If I was a betting man, the only security risk I would expect from co-workers
> is theft of information if someone was about to leave our employ to go work
> for a competitor.
>
> However no computer is an island in our dangerous world.
>
> The most frequent known attempts at breaches, of which we have foiled so far,
> have been from work stations unattended, such as in unlocked offices during
> lunch time, or exposed due to different work shifts, or sitting very close to
> entrances & exits from the building.  In other words, we do know that
> unauthorized people try to get into our system, using whatever doors there
> are into it.
>
> Now while we do have security for our internal staff, it is more for
> productivity purposes than suspicion purposes ... a person who only needs a
> limited number of menu options, can be given a menu with everything they
> need, organized according to their job function.  We want to help trainees,
> learning some areas that are new to them, avoid accidentally deleting
> something, messing up contents of files, or messing up layout of files.
> Internal security is to maintain data integrity & help our work force become
> more productive.
>
> We have people connected to our BPCS 405 CD mixed mode via twinax, 5250
> emulation, client access, and remote VPN ethernet emulating a local
> workstation controller.
>
> CA can get into 400 data without a 400 sign on or password.
>
> What are the risks?
> Without spelling out a road map to hackers.
>
> We have defined a secondary group of power users category system helpers ...
> they help their less skilled co-workers.  Our system helpers have been
> granted job control so that they can get into messed up stuff & attempt
> repairs.
>
> However, only the people who have been told the password for security officer
> have also been granted hardware configuration authority.
>
> For example, we permit people within a department to access each other's
> reports.  We accomplish this by giving spool job authority to the BPCS user
> group that everyone is in.
> This means that once in a blue moon person-A accidentally deletes person-B
> report(s). that person-B did not want deleted ... also I am making judgement
> calls every week to delete hundreds of audit trails that are weeks old.
> We know an accident happens because the end user sends a message ... oops I
> did this, what do we do now?
>
> Can the kinds of miskeying oops that might occur via a CA user do more damage?
> Are there risks that someone who is not a hot shot PC user might mess
> something up & not know that they did so, so that we do not get the oops
> message?
> How do I know something just went out my barn door so I can recover it from a
> recent backup?
>
> MacWheel99@aol.com (Alister Wm Macintyre) (Al Mac)
> AS/400 Data Manager & Programmer for BPCS 405 CD Rel-02 mixed mode (twinax
> interactive & batch) @ http://www.cen-elec.com Central Industries of
> Indiana--->Quality manufacturer of wire harnesses and electrical
> sub-assemblies - fax # 812-424-6838
>
> >  From:    Rob.Angermann@YAMAHA-MOTOR.NL (Rob Angermann)
> >
> >  Nathan,
> >
> >  Perhaps we should discuss the security policy which we have to apply, now we
> >  work with BPCS.
> >  Let us discuss soon.
> >  Rob
> +---
> | This is the BPCS Users Mailing List!
> | To submit a new message, send your mail to BPCS-L@midrange.com.
> | To subscribe to this list send email to BPCS-L-SUB@midrange.com.
> | To unsubscribe from this list send email to BPCS-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner: dasmussen@aol.com
> +---
>


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
