× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2002

Re: BugTraq Exploit for OS/400

This is a multi-part message in MIME format.
--
[ Picked text/plain from multipart/alternative ]
Security always walks a fine line between risk and inconvenience.  It is
often difficult to get the right balance.  When I audit AS/400s some of
the rules I suggest are:

1)  Try to make user names difficult to guess - if mine is MNORMAN then
yours could be JDOE, and I am half way there.
2)  Regularly check for password = profile name.  Preferably weekly.
3)  Profiles not used in over 100 days - delete / disable
4)  Use the minimum number of Q* profiles possible.  And with QSECOFR
consider using it only for major system changes, rest of time password
could be secured elsewhere

5)  If you are REALLY uncomfortable about passwords for some users then
look at token / smartcard solutions.
6)  Never tell someone why / how they had a bad signon
7)  Localize password reset / profile enable so that the "administrator"
knows the user
8)  Ensure that the signon screen warns all users that they must be
authorized to use that system.  Otherwise keep out.  It may not stop
people but it is critical in the eyes of the law.



Regards

Martin A Norman
Head of Technical Services NA
SafeStone Technologies
mnorman@safestone.com
1-800-558-3544

This email and/or attachments are privileged and confidential and
intended solely for the addressee. If you are not the intended
recipient, please notify us immediately. Disclosure, distribution or
copying of this email other than by the  addressee is strictly
prohibited. The company does not warrant that the information is free of
a virus or any other defect that may affect the recipient's computer
system and it is your responsibility to scan attachments (if any).

========================================

--

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.