Everyone has rules and many of them don't seem reaonable to the people who didin't have a hand in making them or solving the problems that occurred before the rules were created. At your previous work site, they could read a thumb drive I broutht in but but security rules would not let them write to it. (So they emailed me the updates and I got them that evening in my hotel.) It still seems backwards to me but then I don't know what problem was being addressed.
At many sites, the security rules are the result of legislation or regulation, not corporate whim. You don't get fired for breaking them, you go to jail. Of course the steps I have to perform to download an ftp file to my mainframe that has no external connections are counter productive. But not quite as counter productive as losing the contract that pays for my data center to operate. ________________________________________ From: IBM Mainframe Discussion List [[email protected]] On Behalf Of Timothy Sipples [[email protected]] Sent: Tuesday, July 06, 2010 10:12 PM To: [email protected] Subject: Re: Backup/Restore products at z/OS sites Paul Gilmartin wrote: >Firewall security rules. Their z system is not permitted to connect >to ftp.cbttape.org. Elardus Engelbrecht replied: >Ok. Thanks. It seemed reasonable to me. Are those rules "reasonable"? I don't assume that, having observed the common consequences of such rules in the real world. In many instances such rules dramatically *reduce* overall enterprise security as business people (naturally!) bypass the rules to get their (expletive deleted) jobs done. Such rules might be a good way to end up with stolen laptops containing your customers' credit card numbers, passport numbers, dates of birth, and social insurance numbers, for example. Or to open up new and interesting hacker attack vectors that become available through the workarounds. It is also theoretically possible to heave your mainframe into the Mariana Trench, too, allegedly in the name of "security." And to disconnect all your telephones. It doesn't mean that's "reasonable." - - - - - Timothy Sipples Resident Enterprise Architect STG Value Creation & Complex Deals Team IBM Growth Markets (Based in Singapore) E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
