Re: Security Level 30

> From: kjennings@garan.com
>  
>  Hi, group.  Please forgive my intrusion but I seemed to have joined the 
list
>  in the middle of a very interesting discussion.

You might like to check out the archives on midrange dot com & watch out for 
the KAK virus & seems to me there was another such alarm not so long ago.

>  Can anyone elaborate as to why Security Level 30 is inadequate?  
>  I am a developer currently acting as System Admin for our AS/400.  
>  My boss in New York
>  seems to think that Security Level 30 is more than enough.  
>  I'd like to show him why it isn't...
>  
>  Thanks!
>  
>  Kevin

If you are exclusively a twinax world with no PCs connected, and your AS/400 
is not connected in any way to the internet or anyone other than IBM able to 
dial in on your ECS line, and none of your users have command line authority, 
then Security Level 30 is probably adequate.

But if you have a typical software vendor product & users have command line 
authority, and PCs, then they can do anything to any of your files, 
deliberately or by accident, and if they can dial in from home, then so can a 
hacker.

You need to get your hands on some of the security manuals & other texts 
recently mentioned in various threads such as Object Authority & AS/400 
password.

Al Macintyre  ©¿©
http://www.cen-elec.com MIS Manager Programmer & Computer Janitor
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---