What really IS important imho is that we work at it.

All the smaller shops that are used to their Windows setup have never concerned themselves much with security, and whether we like it or not that has been a very successful paradigm. We need to deal from reality here, and the reality is that management in many places accepts the Windows Security model as being appropriate to their needs. Therefore we need to learn from their model: work with it, keep the box going, keep the users active, and deal with the burglar and the vandal when they show up.

Yes I know, this is pretty naive. On the other hand I'm using Windows tonight, not OS/2.

_______________________
Booth Martin
Booth@MartinVT.com
http://www.MartinVT.com
_______________________

Steve <steve@way.org.uk>
Sent by: owner-midrange-l@midrange.com
09/28/2000 05:47 PM
Please respond to MIDRANGE-L

To: midrange-l@midrange.com
cc:
Subject: Re: INCREDIBLE - what am I missing here... ??? !!!

In article <002701c0296e$aa8ecac0$6508a8c0@chi.ssax.com>, Phil Hall <hallp@ssax.com> writes
>> Really that should not have been posted! Come on let's not give away all our
>> secrets. Let's not make it any easier for hackers to learn how to break into
>> the AS400. I know it is not easy, but how many people really knew where to
>> look for passwords.
>
>Knowing **where** they reside is probably 5% of the problem of actually
>getting passwords back into clear text.

But the password file is not the biggest worry. Let's face it, how many of your users had even heard of FTP five years ago? And now? And if they say 'ftp youras400', just to see what happens? It will give them a signon prompt. And they have a legitimate signon - except now they are not 'locked in' by menus, or library lists...

It's the legit users you need to worry about, not some vaguely perceived hacker outside your firewall... Have you removed *PUBLIC from everything? Locked it all down with group profiles? Hidden the IFS? Put in change control to make sure it doesn't get undone?

Business partners broke the AS/400 wide open with menu-level security, and IBM handed the keys to the box over with Ops Navigator and TCP/IP. 95% of computer fraud is an inside job.

Don't get me wrong - the AS/400 is God's Own Machine, as far as I'm concerned. But if we keep on parroting the myth of its security we will be riding for a fall. It is as vulnerable to DoS attacks as any other machine, for instance - and my board wouldn't wait for me to explain how the 'secure' AS/400 had been made unavailable by a hacking attack like DoS if I had told them it was hacker proof...

Security by obscurity is no security.

--
Steve

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].