> -----Original Message-----
> From: IBM Mainframe Discussion List
> [mailto:[EMAIL PROTECTED] On Behalf Of Clark F Morris
> Sent: Thursday, September 07, 2006 8:31 AM
> To: [email protected]
> Subject: Re: KOREAN INSURER RETIRES 7,000 MIPS MAINFRAMES
>
<snip>

> Are mainframe Linux applications more secure than non-mainframe?

Assuming that the Linux application is not inherently insecure, I bet they are. The reason is that most exploits are architecture dependent. That is, they inject object code to be run. Since it is impossible to run x86 code on a zSeries, it is more secure because the code cannot be run. Also, most exploits depend as well on the stack architecture of the processor. The zSeries does not have an equivalent stack to corrupt in the same way. Now, having said that, it might be possible to create a zSeries-specific virus. But it is unlikely due to the lack of targets.

> Are
> z/OS mainframe Websphere applications more secure than the same
> functions in Websphere on non-mainframes or other operating systems?

Good question. I don't know. I would guess that it is likely to depend on the application design and the underlying security architecture of the processor and OS. z/OS is generally far more secure in its design than UNIX or Windows.

> How secure are some of the old CICS applications against an attacker
> that knows CICS but not the individual applications?

I would __guess__ that they are very secure. I cannot envision any way to "inject code" into a CICS application that would actually do something other than crash the CICS region (at worst). Most exploits are to get "enhanced capabilities". This simply cannot be done in CICS. There is no way to change from "user A" to "superuser" in CICS. Again, this assumes that the application cannot be compromised due to a coding error. The likelihood of an "outsider" to have the time to "mess around" trying to find such an error is very slight. But they are there. I remember one where a user pressed an "unexpected" PF key and bypassed some processing. This resulted in an abend two transactions later because a temp storage queue had not been properly created.
But, again, this did not result

> >Mickey

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

