Rich,

One thing to remember is that the study was authored by
someone who sells solutions that address the issues 
raised.  Is it any surprise that their study finds that
people with System i's need their software to fix the 
issue raised?

While it is true that PowerTech sells solutions to _some_ of the
problems that were outlined in the study, it would be a mistake to
conclude that this study only looks at problems that our software
corrects.  

For example, the study found that 41% of shops are still at QSECURITY
level 30 and below. This is significant from a security perspective, but
PowerTech doesn't sell a product that will migrate your machine to level
40.  The same is true for the 12% of user ID's that carry default
passwords, and the 25% of systems that haven't turned on the security
audit journal (QAUDJRN).  PowerTech doesn't sell software solutions to
these problems.  You are going to have to fix them with the tools
provided in OS/400.

It is also worth noting that we believe in the data in this study - and
we have made real investments based on those beliefs.  For example, the
first study (2004) demonstrated that there was a very real problem with
how users with *ALLOBJ and other powerful authorities were not being
managed (and the 2006 study shows that out of an average of 749 users,
an average of 60 still have *ALLOBJ authority).  So we took an internal
tool (Authority Broker) that manages and monitors powerful users and
released it as a product in 2005.  The product has been accepted by the
iSeries community because (as the study data shows) the problem it
addresses is widespread.

Should you be surprised that we have solutions to some of the problems
that the study points out?  No.  We have been paying very close
attention to the needs of the iSeries security market and in doing so
have positioned ourselves to exercise leadership in this space.  Does
the study underscore what PowerTech has been saying about security for
10 years?  Yes - our message has been very consistent.  

And remember, the study doesn't indicate that there is a problem with
the underlying architecture of OS/400 security, it just says that system
admins (including a lot of us on this list) could do a better job of
managing the security on our favorite box.  And it has said that for
three years running now.

jte


--
John Earl | Chief Technology Officer
The PowerTech Group
19426 68th Ave. S
Seattle, WA 98032
(253) 872-7788 ext. 302
john.earl@xxxxxxxxxxxxx
www.powertech.com 
Celebrating our 10th Anniversary Year!
 
 
 
 
This email message and any attachments are intended only for the use of
the intended recipients and may contain information that is privileged
and confidential. If you are not the intended recipient, any
dissemination, distribution, or copying is strictly prohibited. If you
received this email message in error, please immediately notify the
sender by replying to this email message, or by telephone, and delete
the message from your email system.
--



This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].