"Is a dream a lie if it don't come true, or is it something worse?"
From "The River" by Bruce Springsteen

Pat,

> Exit points are useful for many things, they can give you additional
> flexibility but, in my opinion, resource access control is really THE only
> way to reliably manage access control for client access or green screen
> apps.
>

I'm sure that it won't come as a surprise to you to find that I disagree, especially with this assertion:

> resource access control is really THE only
> way to reliably manage access control

<rant>

I've come to the conclusion that Resource Security on OS/400 is really a big lie. If you say that it is "really THE only way" to manage access control, then you have to say that OS/400 is the least secure operating system in deployment simply because NOBODY USES IT!

This whole line of systems (S/36-S/38-AS/400-iSeries) has always been sold on applications. So could you please point me to a business application that actually uses resource security the way IBM advocates it? Are there any? Or is it all supposed to be "roll your own" by the end user community?

You know that I understand resource security, and yes it can be made to work - heck we use it here at PowerTech to secure our own software, so that would seem to underscore your point. But the sad truth of the matter is that damn few other software vendors do the same.

The poor system administrator who is trying to protect their corporate assets doesn't really stand a chance of using resource security to secure their system. Production systems today have a varied mix of unsecured applications, utilities, and yes, even OS code that a system administrator is not even cognizant of, let alone informed about its uses and security requirements. If all of the iSeries software vendors already secured their own stuff, this would be a much happier world.

But if the truth of the matter is that the overwhelming majority of iSeries developers (including, in some cases, IBM) don't follow the dictates of resource security, then how can it be "THE only way"?

Case in point: Pick a machine, any machine, and see how many sensitive objects *PUBLIC has access to. I just looked at a fresh install of V5R2 - of the 92 'Q' libraries loaded on this system, only 4 have a Default Create Value of something other than *CHANGE or *SYSVAL. The system value for QCRTAUT is still shipped as *CHANGE. The root directory of the IFS is still shipped with *PUBLIC having *RWX authority. So are QDLS, QFileServer.400, and QOpenSys. The system admin may be able to remove the Write authority to the root, but if you take away Read authority you'll break iSeries Navigator.

Look a little farther and you see that there are several Message Files and Job Descriptions in 'Q' libraries that are set with *PUBLIC *CHANGE. Where is the resource security here? If I don't manage remote access of command execution and program calls, how do I ensure that the integrity of these objects stays intact?

So if there are still parts of IBM that have not internalized the "resource security" mantra, what makes us think that the rest of the world might someday embrace it?

OK, I know you still don't see the value of exit programs to the IT managers and system administrators who have to deal with this crap every day, but I still have a lot of faith in you and the rest of the folks that work on security at IBM and I'm sure that someday you'll realize that exit programs are not just a viable alternative, but in fact an important element of OS/400 security.

Even with a decent resource security scheme in place, you're still going to have to manage users' ability to call programs, invoke commands, and update files. (Just because I give a user *CHANGE access to the Customer file doesn't mean I want them to be able to use Excel to overwrite the Customer Number, which is the primary key - but resource security alone will let them.)

Exit Programs give you more than just "flexibility"; in the case of the original poster of this thread, they give him a way to engage in something other than green-screen computing without re-writing all of his applications because of pre-existing security flaws.

That last point is terribly important to IBM and to the iSeries. If the only way that people could secure their existing applications is to completely re-architect them, nobody would do e-business on this box, nobody would serve web-pages, and nobody would network this machine. The cost of re-tooling would be so high that they would all be looking for exit strategies to other platforms.

That's not the way that you or I might want things to be, but it's the way things are. So go ahead, beat on the vendors - Hell, you know I'll help you - but don't tell the system admins that the only way to secure an iSeries is to re-architect everything into a resource security model. They'll never do it, and so security will never get fixed. And that's not good for anybody.

</rant>

jte

(Midrange-l fair disclosure statement - Yes, I work for a security software company, and yes one of the products we sell is Exit Programs).

--
John Earl | Chief Technology Officer
The PowerTech Group
Seattle, WA 98032
(253) 872-7788 x 302
john.earl@powertechgroup.com
www.powertech.com
--
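
The spot check described in the message above, worked through as an added example (not part of the original post and not PowerTech or IBM code): the script resolves each library's create authority against QCRTAUT, so that *SYSVAL is counted as whatever the system value grants, and lists IFS paths where *PUBLIC can write. The library names, the authorization list name and most records are constructed; only the `/` and `/QDLS` values follow the post.

```python
# Added example; all records below are constructed for illustration.
RANK = {"*EXCLUDE": 0, "*USE": 1, "*CHANGE": 2, "*ALL": 3}
WRITE_AUTHS = {"*RWX", "*RW", "*WX", "*W"}  # IFS data authorities that include write


def effective_crtaut(lib_value, qcrtaut):
    """A library create authority of *SYSVAL defers to the QCRTAUT system value."""
    return qcrtaut if lib_value == "*SYSVAL" else lib_value


def audit_libraries(libraries, qcrtaut):
    """Return (open_by_default, needs_review).

    open_by_default: libraries where new objects get *PUBLIC *CHANGE or *ALL.
    needs_review: libraries whose create authority names an authorization
    list, which this script cannot judge without the list's contents.
    """
    open_by_default, needs_review = [], []
    for name, crtaut in libraries:
        value = effective_crtaut(crtaut, qcrtaut)
        if value not in RANK:
            needs_review.append((name, value))
        elif RANK[value] >= RANK["*CHANGE"]:
            open_by_default.append((name, value))
    return open_by_default, needs_review


def public_writable(ifs_entries):
    """Return the paths whose *PUBLIC data authority includes write."""
    return [path for path, auth in ifs_entries if auth in WRITE_AUTHS]


# Constructed inventory: (library, create authority as recorded on the library).
LIBRARIES = [
    ("QEXAMPLE1", "*SYSVAL"),
    ("QEXAMPLE2", "*CHANGE"),
    ("QEXAMPLE3", "*EXCLUDE"),
    ("QEXAMPLE4", "*USE"),
    ("QEXAMPLE5", "EXAMPLAUTL"),  # hypothetical authorization list name
]
# (path, *PUBLIC data authority); "/" and "/QDLS" as the post describes them.
IFS = [("/", "*RWX"), ("/QDLS", "*RWX"),
       ("/home/example", "*RX"), ("/example/private", "*EXCLUDE")]

if __name__ == "__main__":
    for qcrtaut in ("*CHANGE", "*USE"):
        opened, review = audit_libraries(LIBRARIES, qcrtaut)
        print(f"QCRTAUT={qcrtaut}: open by default {opened}, review {review}")
    print("Writable by *PUBLIC:", public_writable(IFS))
```
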
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].