Clark Morris asks: >Are mainframe Linux applications more secure than non-mainframe?
Somewhat, in my opinion. The first thing to say is that Linux is Linux, so for anyone who still thinks that Linux is somehow emulated on System z, it's not. When you run Linux on the mainframe it's a 31-bit or 64-bit Linux kernel (and programs) running native ESA/390 or z/Architecture processor instructions. That said, the processor instructions are not X86 (though X86 machine instructions could be emulated through Bochs, QEMU, and other similar approaches). So, as mentioned, that closes down any X86 object code vectors. Any X86-exclusive viruses just aren't going to run by themselves. I would argue that z/VM offers some special protections not found in other Linux environments, especially in the area of network security. Mainframe Linux also protects better against DoS (Denial of Service) attacks than other Linux environments. There's also that X-factor called mainframe system operators, administrators, and programmers. These talented people, many of whom read IBM-MAIN, actually know what they're doing. Well, usually. :-) People are critical in securing IT systems properly. There are also many configurations where Linux basks in the glow of z/OS security features. A good example is the z/OS LDAP server. Linux can use z/OS's LDAP (via something called PAM) for authentication and authorization. This gets even nicer in z/OS 1.8. Crypto is stronger on the mainframe thanks to standard hardware-based crypto features. I think that's a plus for security, because it probably means that crypto will actually get used in all the appropriate places. Now add encrypting tape drives (with the new IBM TS1120 product) to the mix. There's a Statement of Direction for encrypting disk, so add that soon. Any virtualized Linux is going to be more secure on the mainframe because of strong memory protection features. There's no contest between z/VM and, say, Xen. So yes, I would say that the most secure Linux environment is System z, and there are a lot of reasons. - - - - - Timothy Sipples IBM Consulting Enterprise Software Architect Specializing in Software Architectures Related to System z Based in Tokyo, Serving IBM Japan and IBM Asia-Pacific E-Mail: [EMAIL PROTECTED] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
