I went to Wayne Evans' talk too. I don't think C2 is totally useless - a lot of C2 is based on vulnerabilities found on other systems. Sending "garbage" to UNIX commands or APIs is a common way to cause the system to hiccup & thereby get arbitrary commands executed by the kernel. I would hope the AS/400 is better designed than this, but you never know what someone might try (and succeed at). Likewise, wiping out all temporary storage and memory is a way to prevent clever systems programmers from seeing what they shouldn't (no one on this list knows how to view another user's QTEMP, right?)

While level 50 is definitely way too much for the majority of AS/400 sites, I would still consider it in some circumstances. You may want to look at it if:

- You are using an AS/400 as a firewall, or otherwise directly connecting it to the Internet. There is a high and uncontrollable risk here.
- You are storing information that is really, really confidential and has to be protected no matter what, and where it is worth a lot of trouble for someone to try to get this information (credit card numbers, maybe).
- You hired Steve Glanstein as a security consultant.

Remember, you pick your security measures based on your risk/cost trade-offs. In some cases this may mean level 50.

- Vincent LeVeque

PS. Steve, I was just kidding - I know you have the highest degree of integrity. You wouldn't throw me out of COMMON for making a joke, would you? YOU WOULD?