|
At my last position where I was responsible for the AS/400 totally, I went though that book, "Tips and Tools for Securing your AS/400" step by step and checked the security on my AS/400, fixing some things that weren't right, mostly having to do with default passwords which I either changed or *disabled the account with a password of *NONE. I also ran the step for checking for adopted authority and found something like 2 programs on the entire system that adopted authority. I think it is extremly worthwhile to go through that book. But, as you mention, this was a small shop, so maybe you're right that it's not practiced in larger shops. Regards, Jim Langston -----Original Message----- From: owner-rpg400-l@midrange.com [mailto:owner-rpg400-l@midrange.com]On Behalf Of Chris Rehm Sent: Thursday, July 26, 2001 12:03 PM To: RPG400-L@midrange.com Subject: Re: Programing Question/Authority... Informal show of hands: How many read and apply such practices? Just curious. I have been in some big shops where this stuff wasn't practiced. When I worked in Las Vegas as a software vendor that was responsible for maintaining our software on the sites of our customers and those customers gave us network attachment, I used to use some pretty basic tricks to get to do what I wanted/needed. I never abused this to mess with data that I wasn't responsible for, but I knew that I could. I know that it is possible to be extremely secure on an AS/400. I am often impressed how far the system has gone with even basic standard practices. Maybe things are maturing, but I once walked into a Las Vegas property where I happened to be going to dinner and noticed a 400 sign on. I discovered that not all the IBM supplied IDs had been changed. Oops, I guess I'm getting awful far afield. But anyway, granting *owner authority does make sense at times but I think it really needs to be thought out and should be audited. Chris Rehm javadisciple@earthlink.net If you believe that the best technology wins the marketplace, you haven't been paying attention. ----- Original Message ----- From: "alan shore" <SHOREA@dime.com> To: <RPG400-L@midrange.com> Sent: Thursday, July 26, 2001 11:13 AM Subject: Re: Programing Question/Authority... > If you read the IBM security reference manual, there are ways to capture this (plus other) information, already available at NO cost (except development time). > > >>> <rob@dekko.com> 07/26/01 01:05PM >>> > > Chris, > > <snip> QSECOFR should be generating a report on objects with *owner > authority and an eye should be kept on how > they work. > <endsnip> > > Many of the security tools will do some of this work for you. - report on > objects with *owner authority. An example is PentaSafe. How they work, > may be a separate issue. > > > +--- | This is the RPG/400 Mailing List! | To submit a new message, send your mail to RPG400-L@midrange.com. | To subscribe to this list send email to RPG400-L-SUB@midrange.com. | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +--- +--- | This is the RPG/400 Mailing List! | To submit a new message, send your mail to RPG400-L@midrange.com. | To subscribe to this list send email to RPG400-L-SUB@midrange.com. | To unsubscribe from this list send email to RPG400-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
