Hehe "Reasonable" must be in the eye of the beholder. Witness that we see a lot of mainframes 'protected' by using Windows servers as a 'buffer' or 'shield'. FTP servers are one example, network encryption appliances are another, and TN3270 servers yet another.
And yet 99.99% of successful site penetrations used a Windows server as the attack vector. (None of the reported successful penetrations were via z/os.) What's wrong with this picture?

HAL - a not so little speaking and thinking (?) computer person that saw the famous movie in the theater. :-D

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Timothy Sipples
Sent: Wednesday, July 07, 2010 12:13 AM
To: [email protected]
Subject: Re: Backup/Restore products at z/OS sites

Paul Gilmartin wrote:
>Firewall security rules. Their z system is not permitted to connect
>to ftp.cbttape.org.

Elardus Engelbrecht replied:
>Ok. Thanks. It seemed reasonable to me.

Are those rules "reasonable"? I don't assume that, having observed the common consequences of such rules in the real world. In many instances such rules dramatically *reduce* overall enterprise security as business people (naturally!) bypass the rules to get their (expletive deleted) jobs done. Such rules might be a good way to end up with stolen laptops containing your customers' credit card numbers, passport numbers, dates of birth, and social insurance numbers, for example. Or to open up new and interesting hacker attack vectors that become available through the workarounds.

It is also theoretically possible to heave your mainframe into the Mariana Trench, too, allegedly in the name of "security." And to disconnect all your telephones. It doesn't mean that's "reasonable."

- - - - -
Timothy Sipples
Resident Enterprise Architect
STG Value Creation & Complex Deals Team
IBM Growth Markets (Based in Singapore)
E-Mail: [email protected]

