Actually, Greg's point number 2 is spot on.  

Upon close inspection, they may actually be asking for some change control / 
management approval to protect sensitive load and source libraries. 

Over the years, I've found it helpful to not jump to conclusions when presented 
with such. Rather, press for details, and keep pressing until you get something 
understandable. Often as not, it turns out to be something completely 
different. 
 

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of 
Elardus Engelbrecht
Sent: Tuesday, March 27, 2012 11:30 AM
To: [email protected]
Subject: Re: Malicious Software Protection

Greg Dorner wrote:

>Our auditors are insisting that we install a product that protects against 
>malicious software (viruses, worms, trojans, etc.).

Groan...., you can replace/fire those auditors as mentioned earlier in this 
thread, but ... ;-D

You have several choices.

1. Ask them to give reasons, examples and recommended vendors of such software. 

2. Ask them to define malicious software, despite your description above. 
Seriously.

3. For native z/OS, they will have a hard way to get any vendors at all which 
can supply such software. Tell me if you can catch these vendors.

4. Despite point 3, there are 'scanners' which can search z/OS on various areas 
to look for 'holes'. They cost $$$ and are vendor specific. 

5. Get 'penetration teams' or 'white hat hackers'. You have lots of $$$, do 
you? :-)

6. z/OS has very good security measures provided you have your controls in 
place. APF, parmlib settings, RACF, SMF, etc. are examples. See others' replies 
on this fact.

7. Speaking of RACF, there are third party RACF [or other ESM] administration 
and audit tools which could ease your work.

8. Weakest links are usually 'insiders'. They are the greatest threats unless 
I'm mistaken. They are usually after your 'live and sensitive production' data.

9. For z/Linux, USS, etc, there MAY be commercial or open-source antivirus 
software available, AFAIK.
(USS - Unix System Service(s) - for those TLA haters... :-D )

10. Give them IBM's Statement of Integrity. APAR reasons for security are 
hidden and you are usually asked to apply them because of some 'vulnerability' 
which IBM usually declines to divulge.

11. Ask those auditors if they have any tools to do the checks for such tools 
against malicious software THEMSELVES! This will silence them properly!

>z/OS, with proper security controls (and believe me - we have LOTS!) should 
>not have to worry about such things, at least that's what I've always heard.

Of course, but see above.

>Any input on this topic would be GREATLY appreciated!!

As Ted MacNeil insists, the auditors only RECOMMEND, it is your management who 
can APPLY those recommendations.

HTH!

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO IBM-MAIN