|
midrange.com
"threat vs $$"
This is the key to any shop's response/solution.
"Jim Franz"
<franz400@xxxxxxx
r.com> To
Sent by: "Midrange Systems Technical
midrange-l-bounce Discussion"
s@xxxxxxxxxxxx <midrange-l@xxxxxxxxxxxx>
cc
05/18/2005 02:28 Subject
PM Re: iSeries FTP security
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>
I also agree, but some of us have to work with the systems, tools &
resources handed to us.
I have ftp running on a small i5 and pickup critical data from various non
iSeries systems each evening. The exit programs (mine are homegrown via
Redbook samples) was "added protection" but i never implied to management
this system is bulletproof. We've had an annual discussion of
threat vs $$ and so far they have not funded a project to move to a more
locked down system design based on authority. Also have no disaster
recovery
except for offsite tapes - again a management decision. So for this
customer, the ftp exit does raise the security level to a certain degree.
It's all relative. The discussion about canonicalization has been
informative. I do think our group needs a rational discussion of common
sense things we need to be aware of for the many systems as they are now,
with that goal of tight object authority always kept in mind. There has to
be something between our current understanding, and flame throwing on
bugtrac.
jim
----- Original Message -----
From: "Dave Odom" <Dave.Odom@xxxxxxxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, May 18, 2005 2:04 PM
Subject: iSeries FTP security
> Patrick,
>
> You wrote:
>
> >>These are NOT vulnerabilities of FTP. They are vulnerabilities that
> arise
> from not managing object access control like you have to do on other
> systems. This is my point. All this talk of FTP and exit point
> programs
> totally misses the real issue people need to deal with...object access
> control is required in a network environment. <<
>
> I totally agree the problem is in properly securing the base objects.
> It is unfortunate that many iSeries shops treat security and therefore
> data integrity with such disregard. This was recognized as a problem
> and stopped in the '60/early 70's on mainframes, but that environment
> has always been more mature in most all aspects of systems management.
>
>
> I'm curious where the microsystems and Unix-flavored shops are in data
> integrity and security maturity. I suspect the microsystems shops are
> the worst.
>
> Take care,
>
> Dave Odom
> Arizona
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
ForwardSourceID:NT00021A96
_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs. For
more information please visit http://www.ers.ibm.com
_____________________________________________________________________________
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
