RE: DB2UDB hack

From: Lukas Beeler

There are lots of things that can compromise the security of my

machine, but

i5/OS ain't one of them - it's people making decisions that degrade

the

Let me disagree here a bit. I know many, many shops that run unencrypted
5250/ODBC/FTP to their System i.

It is difficult for me to describe in polite terms the people that run their
shops this way.

This is horribly insecure, but it is a default configuration supplied by
IBM.

If you don't know enough how to set up your production machine, you hire
John Earl to do it for you.

If you don't do either, you deserve what you get.

On the other hand, I do understand your point that the machine could be
shipped a bit more secure. It should at least have two or three basic
configurations: not secure, pretty secure, and really secure.

But IBM, and most of it's customers, have been slacking off and have not
thought about using secure and encrypted methods to access their system
through the network.

Not my customers, in general, because I rail against things like ODBC and
FTP access. That doesn't stop them, but it's not out of ignorance.

(Please note that this is in no way a personal attack against you, I'm
talking about what I've seen at some of our customers)

If anything, you're slamming yourself, Lukas <grin>. Because as a
consultant it's your job to raise those concerns. But in the end, it's the
responsibility of the client, not the hardware vendor, not the software
vendor, not the consultant, not the government, to make sure the system is
secure. You either learn it or buy it, but security is your responsibility.

Joe