× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Your analogy, to me, still deals with the concept of restricting ingress not restricting egress.

I have never stated restricting ingress should be ignored. I am a huge proponent of restricting ingress.

I have stated not restricting egress is absurd IMHO.

Gary Monnier


-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of CRPence
Sent: Thursday, May 17, 2012 3:04 PM
To: midrange-l@xxxxxxxxxxxx
Subject: Re: RMTCMD's security?

On 17 May 2012 12:41, Monnier, Gary wrote:

I've had to read your response several times and I have to say I'm at
a loss. You seem to be implying the System i doesn't provide any
security features, especially ones auditors will accept.

No such implication. In fact I _asked_ in what ways the implied resolution [by providing "alternative options" to the commands] would be a resolution, and for whom. Were they suggesting merely to appease the auditors, even though possibly, effectively nothing has changed? Other tooling and programming can give the same function of the since locked-down commands; even those same commands may exist on other systems in the network. Unless the target system blocks such requests, attempts to block such requests from every possible source\client could be somewhat futile; with regard to the effect on the security of the target.

In my stated opinion, I was alluding something analogous to... The owners of a self-service storage facility previously had given to some people, some keys to its various lockers. Those people should no longer have access to those lockers. The owners have blockaded all but a few entrances to the areas where the lockers are located within the storage facility. However the locks on the lockers in the facility remain unchanged. Is the storage facility effectively as insecure as it was prior to the blockades being installed? Nothing alluded in the scenario prevents those holding the keys from using one of the entrances that is not blockaded, thus they are able to access the lockers with the keys they were given previously.

So let me ask you a question...

If someone can log onto a system can they perform any task they are
authorized to regardless of how they sign on ( TELNET, FTP, AREXEC,
RUNRMTCMD, HLAPPI API )?

Effectively. And even if some feature is employed to deny the authenticated user any access to certain unsecured resources via each of those specific methods\interfaces to access the system, then still lacking resource security at the target, there remains any possible alternate means of access not yet realized by the system owner; i.e. via means for which preventive measures have not yet been employed. That is, the users still have the keys, but there could remain some entrances that have not been blockaded; if they should not have the access [the keys], then the resources must be protected with exclusionary authority [new locks].

Or two questions... :)

If someone is forced to provide a user name and password to sign onto
a system is the system more secure than if they do not have to provide
them?

Inherently; as much as passwords can be trusted. But authentication is only part of the process; that is merely the entry-point. What matters then, is the access to the resources. That is true whether access to the resources is via a proxy or the authenticated user; e.g.
authentication may be from somewhere else in the network, thus entry could be granted, so effectively the authorities to the resources are all that remain to protect those resources.

If that authenticated user has more access\authorization than is required to do their work at the target, then they can still do accidental or nefarious harm. Via usr\pwd they can gain entry, and by authority to the resources they have the keys. So even when access methods A and B may prevent the authenticated user from performing something they should not, there still remains the possibility of access methods Y and Z for which similar preventives have not been employed; e.g. menu-based security is of no assistance, when the access is not ensured to be limited only to menus.

If that authenticated user has no access\authorization beyond what is required to do their work at the target, then they can only do what they are authorized to do.

Regards, Chuck
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.