SC41-3000 blue cover manual "Tips and Tools for securing your AS/400" should have come with your OS/400 - this was the single greatest OS/400 security manual I ever saw prior to IBM school on the subject ... it is part of my recommended reading to all new managers that I report to (none of whom have looked at it to my knowledge) and to project team members associated with upgrades & application development (3 of these folks have studied it) ... also check out S6019 student notebook appendix B "AS/400 Security Tips and Check Lists".

This blue cover manual makes many types of security meaningful ... you can see what is very similar to S/36 thinking & what is new to your latest reality. There are examples of various internet & other connections in which it spells out the security risks you need to deal with.

However, two chapters are missing from this fine manual.

(1) Balancing what typical software vendors do to us contrary to the spirit of IBM security recommendations, especially those vendors that have the strong backing of IBM marketing ... in some cases responsible compromises are possible & should be spelled out, instead of the reality of one branch of IBM making security suggestions, and another branch of IBM making their implementation a joke.

(2) Implications & risks of compounding common management decisions which in concert open some security doors & what the degrees of risk are ... here are examples from where I work:

We have ERP, that at one time IBM recommended at the same time as recommending totally contrary security than the practices of that ERP, in which all users in a group have ownership privileges to all files in the ERP.

Most users have command line authority.

Many users connect via PCs.

We are on the internet & have PC Anywhere & Carbon Copy & other systems like that.

Our ECS line has zero security over & above any physical connections ... it had at one time but that was taken away from me ... and several vendors have connection protocols in which we have zero knowledge of what kind of security practices those vendors might have sharing passwords of their employees accessing our system.

I see humongous security exposures in the above story, for which the IBM manuals do not address which of the above decisions warrant the most effort to secure better, and I do not consider our mixture to be that unique.

PS you cannot dial into our AS/400 from the web site in my sig. If you go to the customer service page & you happen to know one of our ERP end customer item#s, which use the customer part# as our item#, you can get at pretty current info on that item, but this data is delivered to the web site in a way we believe to be satisfactorily hacker proof unless the hacker compromises our ISP.

Al Macintyre ©¿©
http://www.cen-elec.com
MIS Manager Programmer & Computer Janitor
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].