Leonard Woren wrote:
[...]
As has already been discussed, the biggest security loophole on any
system is unsecured unattended logons. Even my PC at home has a short
timeout to screensaver requiring a password. Back in the days of only
hardwired 327x terminals, I worked in a shop where the systems
programmers were in a very unsecure area. (Yes, you needed a badge to
get into the building. There were 70,000 valid badges.) I wrote a
TSO command called LOCK which required the logon password to unlock.
To get people to use it, the JWT timeout was set very short, and LOCK
had a subtask which woke up every few minutes to prevent timeouts.
The whole scheme worked quite well. Many people in the systems group
had "TSO LOCK" on an ISPF PFKey -- one keystroke when leaving your
workarea. OS/2 had a simple way to bring up the lock screen
immediately. (Two clicks, I think, but I'm too lazy to boot up my
OS/2 machine and look.) Where is this capability in Windoze?
It is built-in Windows NT (2000, XP) for years. CTRL-ALT-DEL and ENTER.
Voila.
Don't you know that ?
Other method:
Smart card in PC (or even PC keyboard). When you remove it, the pc
automatically get locked. The same card can be used as badge - I saw it
working in several companies.
What I didn't see is LOCK program. Yes, I know - you wrote it. But I
didn't. Many others also. I have never seen MVS installation with
similar facility.
IMHO M$ Win and IBM OS/2 wins over MVS in this competition.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
