|
David, You said... >Because journals are one of the main ways of detecting unauthorized >activity it is very important that they are not the weak link. Getting >journals off of the system also reduces the chance that someone will >destroy your machine to cover their tracks. You're making an assumption that they are a weak link today. Ok. Let's go with that. My point is that your proposed solution doesn't necessarily solve the problem. Since, in the end you have to rely on some number of people not to delete the journal, you need to make sure that if it is deleted, you can know who deleted it. Copying the journal OFF of the OS400 system removes your ability to know WHO deleted it. We can certainly disagree about this, but my take is that losing that ability at least offsets any value you might have derived by copying it. Patrick Botz Senior Technical Staff Member eServer Security Architect (507) 253-0917, T/L 553-0917 email: botz@xxxxxxxxxx
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
