× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.







"threat vs $$"

This is the key to any shop's response/solution.

                                                                           
             "Jim Franz"                                                   
             <franz400@xxxxxxx                                             
             r.com>                                                     To 
             Sent by:                  "Midrange Systems Technical         
             midrange-l-bounce         Discussion"                         
             s@xxxxxxxxxxxx            <midrange-l@xxxxxxxxxxxx>           
                                                                        cc 
                                                                           
             05/18/2005 02:28                                      Subject 
             PM                        Re: iSeries FTP security            
                                                                           
                                                                           
             Please respond to                                             
             Midrange Systems                                              
                 Technical                                                 
                Discussion                                                 
             <midrange-l@midra                                             
                 nge.com>                                                  
                                                                           
                                                                           




I also agree, but some of us have to work with the systems, tools &
resources handed to us.
I have ftp running on a small i5 and pickup critical data from various non
iSeries systems each evening. The exit programs (mine are homegrown via
Redbook samples) was "added protection" but i never implied to management
this system is bulletproof. We've had an annual discussion of
threat vs $$ and so far they have not funded a project to move to a more
locked down system design based on authority. Also have no disaster
recovery
except for offsite tapes - again a management decision. So for this
customer, the ftp exit does raise the security level to a certain degree.
It's all relative. The discussion about canonicalization has been
informative. I do think our group needs a rational discussion of common
sense things we need to be aware of for the many systems as they are now,
with that goal of tight object authority always kept in mind. There has to
be something between our current understanding, and flame throwing on
bugtrac.
jim
----- Original Message -----
From: "Dave Odom" <Dave.Odom@xxxxxxxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Wednesday, May 18, 2005 2:04 PM
Subject: iSeries FTP security


> Patrick,
>
> You wrote:
>
> >>These are NOT vulnerabilities of FTP.  They are vulnerabilities that
> arise
> from not managing object access control like you have to do on other
> systems.  This is my point. All this talk of FTP and exit point
> programs
> totally misses the real issue people need to deal with...object access
> control is required in a network environment. <<
>
> I totally agree the problem is in properly securing the base objects.
> It is unfortunate that many iSeries shops treat security and therefore
> data integrity with such disregard.   This was recognized as a problem
> and stopped in the '60/early 70's on mainframes, but that environment
> has always been more mature in most all aspects of systems management.
>
>
> I'm curious where the microsystems and Unix-flavored shops are in data
> integrity and security maturity.   I suspect the microsystems shops are
> the worst.
>
> Take care,
>
> Dave Odom
> Arizona


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_____________________________________________________________________________

Scanned by IBM Email Security Management Services powered by MessageLabs.
For more information please visit http://www.ers.ibm.com
_____________________________________________________________________________


ForwardSourceID:NT00021A96

_____________________________________________________________________________
Scanned by IBM Email Security Management Services powered by MessageLabs. For 
more information please visit http://www.ers.ibm.com
_____________________________________________________________________________

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.