Another way would be to insist the 3rd party enhance the product to
include a logging feature. 

> -----Original Message-----
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Jon Renton
> Sent: Monday, January 29, 2007 1:49 PM
> To: [email protected]
> Subject: Getting control
> 
> Hello,
> 
> Thank you for the interesting discussion. I would like to 
> address some of the various points made.
> 
> - Why? We want to "trap" calls to certain 3rd party products 
> and log these.
> This is a standard auditing requirement and is not illegal. 
> The use of this information must of course be closely 
> controlled to avoid any misuse. No one worries about auditing 
> in for example RACF. This is not an ethical problem but is 
> now determined in part by legal requirements such as SOX.
> 
> - Correct is that a 100% safe solution does not exist. Any 
> restriction can be circumnavigated with some criminal energy 
> and enough technical knowledge.
> This applies to any security measure.
> 
> - The possible approaches discussed all have one negative 
> aspect - they can require changes to load modules, JCL, 
> scripts, program calls, etc. The problem is that the source 
> of the calls is not always known. Furthermore such changes 
> can be a maintenance overhead (e.g. after applying updates). A 
> simple rename would in part solve the problem - is too easy 
> to get around.
> 
> - My solution was as a result the hope, that it would be 
> possible to dynamically trap calls to certain programs 
> without any changes to other components. If required via a 
> subsystem or ???? IMHO I think this is the cleanest 
> architectural way to solve the problem. Unfortunately the 
> technical solution does not seem to be that straightforward - shame!
> 
> I am wondering how products like Softaudit and PDSMan solved 
> the problem?
> 
> Regards
> Jon Renton
> 
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
> 
