× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2003

Re: Security questions

Oliver,

Not knowing all of the details I can't say for certainty but I'd say you
have a good start.  However, it sounds like your security is based on the
green screen side of things.  Things I would recommend looking at:

1.) Control of your exit points into the system (ODBC, FTP, DDM, etc.).
You can write your own programs or acquire a third part product to do that
(PentaSafe, Powerlock, etc.).  We happen to use PentaSafe so if you want
some thoughts on that you can email me privately.

2.)  Think about the ability of users to run commands outside of the
command line process - remote commands, 3rd party software command
lines,etc.  A PC user with the ability to run remote commands won't be
stopped by the limited access setting.  I won't name names but we have a
3rd party software that provides their own menu system and command line
interface - guess what - limited capability is never brought into play.

3.)  Password control - complexity, # of attempts, etc.

I'm sure others will have comments.

There was a session at COMMON that referenced the top 10 security risks for
the iSeries, I'll see if I can find it and send you the list.  That might
be another point to review.

HTH

Michael Crump
Saint-Gobain Containers
1509 S. Macedonia Ave.
Muncie, IN  47302
(765)741-7696
(765)741-7012 f
(800)428-8642

Slow email use this:
mailto:mike.crump@xxxxxxxxxxxxxxxx

Fast email that isn't company standard use this:
mailto:mcrump@xxxxxxxxxxxxxxxx






                                                                                
                                                                
                      oliver.wenzel@xxxxxxxxxxxx                                
                                                                
                      ovartis.com                       To:       
midrange-l@xxxxxxxxxxxx                                                       
                                                        cc:                     
                                                                
                      03/20/03 05:05 AM                 bcc:                    
                                                                
                      Please respond to Midrange        Subject:  Security 
questions                                                            
                      Systems Technical                                         
                                                                
                      Discussion                                                
                                                                
                                                                                
                                                                
                                                                                
                                                                



Hello,

we have OS/400 security set up by the book - i.e. basically user has no
rights (limit capabilities *yes) to execute commands etc.
For productive data and objects user only have *read or *use authority.
The used programs belong to the application owner profile
and have adopted authority. System access for users goes through a menu
system.

So, where are the loopholes in this config?

Thanks,

Oliver
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.