I also agree, but some of us have to work with the systems, tools & resources handed to us. I have ftp running on a small i5 and pick up critical data from various non iSeries systems each evening. The exit programs (mine are homegrown via Redbook samples) were "added protection" but I never implied to management this system is bulletproof.

We've had an annual discussion of threat vs $$ and so far they have not funded a project to move to a more locked down system design based on authority. Also have no disaster recovery except for offsite tapes - again a management decision. So for this customer, the ftp exit does raise the security level to a certain degree. It's all relative.

The discussion about canonicalization has been informative. I do think our group needs a rational discussion of common sense things we need to be aware of for the many systems as they are now, with that goal of tight object authority always kept in mind. There has to be something between our current understanding, and flame throwing on Bugtraq.

jim

----- Original Message -----
From: "Dave Odom" <Dave.Odom@xxxxxxxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, May 18, 2005 2:04 PM
Subject: iSeries FTP security

> Patrick,
>
> You wrote:
>
> >>These are NOT vulnerabilities of FTP. They are vulnerabilities that
> arise from not managing object access control like you have to do on
> other systems. This is my point. All this talk of FTP and exit point
> programs totally misses the real issue people need to deal with...object
> access control is required in a network environment. <<
>
> I totally agree the problem is in properly securing the base objects.
> It is unfortunate that many iSeries shops treat security and therefore
> data integrity with such disregard. This was recognized as a problem
> and stopped in the '60s/early '70s on mainframes, but that environment
> has always been more mature in most all aspects of systems management.
>
> I'm curious where the microsystems and Unix-flavored shops are in data
> integrity and security maturity. I suspect the microsystems shops are
> the worst.
>
> Take care,
>
> Dave Odom
> Arizona
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.