> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Rick Fochtman > Sent: Wednesday, April 13, 2011 2:58 PM > To: [email protected] > Subject: Re: Fear the Internet, was Cool Things You Can Do in z/OS <snip> > Hal, you're right in that no security is without holes. > However, RACF, > physical security and staff training and standards can make the MF > security far tighter than anything we've seen on x86 based servers so > far. Emphasis on "SO FAR". I won't say that the MF is "unbreakable", > because as soon as I do, an ingenious idiot will prove me wrong. It > would be very interesting to see a RACF-like product for the > X86 world, > but how many so-called "System Administrators" would be able to grasp > the concepts, much less the mechanics? > > Rick
Try running Linux with the SELinux enhancements fully implemented. That makes Linux very difficult (to me) to break. SELinux implements MAC controls instead of DAC controls. And it can even make it impossible for "root" to modify some things without the proper SELinux authorities. One example is that it can prevent execution of code on the "stack" or even in malloc'd (GETMAINed) storage. The former is a common way for malware to get control with buffer overflows. Oh, and it can also prevent the code from modifying itself in memory as well. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
