Rob Berendt wrote:
>
> While I think that running at less than level 30 is ridiculous I'd like to bring
> up a point. The way most people implement security, they might as well be
> running at level 20.

Hear Hear!

> Typical scenario:
> Several libraries are owned by a group profile, let's use SSA for an example.
> All the users have SSA as their group profile, (unless they are using the other
> package on the system to do their accounting).
> Therefore all of the users, (at least the SSA users) have *ALL access to all of
> the files owned by SSA.
> Security officer says I'm secure. I only allow them to access via menus.
> Some user then downloads the file using Client Access.
> Another user uses ftp from their PC to get to the data.
> Another user, using NT and Client Access, clicks on start, run, and then
> types in RMTCMD DLTF library/ECLL01
> Test this with rmtcmd sndmsg 'test' rob
> Another user ...
>
> There are workarounds to limit this. Such as exit point programming. Another method
> is to change all of the green screen programs to adopt the authority of SSA and change
> the users to some other group profile. I've known companies who do this. I don't know
> what they do for the limited grey screen programs they use.

Rob,

The scenario you lay out is the entire reason for our software product's existence. Folks who think that just being at level 30 (or higher) security makes them secure are usually due for a rude awakening when one of their users discovers how to make ODBC work with EXCEL.

jte

--
John Earl firstname.lastname@example.org
PowerTech Toolworks 206-575-0711
PowerLock Network Security www.toolnet.com
The 400 School www.400school.com
--

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: email@example.com
+---