On Jan 26, 2008, at 2:19 AM, shai hess wrote:
Errr..ummm..... the auditors probably won't let you...that is the
reason why the MF world has the program that is *SECURITY*.... I
could name ACF2 or Top Secret as they will sooner or later do the
same thing. See I didn't mention the 4 letter word:)
I am nor familiar with the security software in MVS, but please
answer my
question what I need to do that the auditors will let the software
to run in
PC?
Its *ACCESSING* MF data for all they know you could be updating it or
reading information that you(the user) are *NOT* supposed to
access ... oh lets say SSN#, payroll information, account balances or
accounts rec/pay the list goes on and on and on. There is *NO* record
of the user accessing the data and no check to be able to see if the
user is even allowed. Just because it comes from an "IP" address
doesn't mean squat and besides PCs are kept in open areas where
anyone can just walk up to it. If there is no sign on then there is
no validation of what the user can do.
MF security (I won't use the four letters you don't want to talk
about ) is a *KNOWN* quantity and auditors trust it, this PC you are
talking about has essentially zero security (not quite but close to).
If you can get the OK from an auditor I sure wouldn't want to have my
business(or personel) records anywhere near the company. One of the
items that IBM can say honestly that there are never has been anyone
to fool SNA or channel attached devices for malicious purposes. While
the data going over SNA can be encrypted it can be encrypted as well
by IP (on the sort of plus side I don't know anything about the
encryption that the modems do so the IP may well be better encrypted
than the SNA), I will leave it to modem encryption people to speak up
here. There are also side issues.
I also believe (but do not know for sure) that certain fields
(specified by the user) in DB2 are encrypted. How are you going to
handle those?
I would also heed Timothy S.'s warning about the internals of DB2
data sets, if it breaks IBM will *NOT* help you as essentially the
DB2 data set(s) is laid out with pointers and other fields that are
used by IBM *INTERNALLY* only and they do not publicize the layouts.
They don't have to either.
Ed
RCAF (I change the order of the bytes...:)) is a legend or human
software?
What I need to do in PC to make the MFNetDisk a secured software
for MF
users? your answer must start with 1...2...3...
Thanks,
Shai
On 1/25/08, Ed Gould <[EMAIL PROTECTED]> wrote:
On Jan 26, 2008, at 1:36 AM, shai hess wrote:
Question, how are you going to handle security, especially if its
RACF?
Two options:
1. Query MVS RACF from PC before accessing the data.
2. Using MFNetDisk security which allow only specific IP to access
the data
(IPOK in my documentation).
Security, Security and more Security.
MFNetDisk mirrors and data is not going to be a site which everyone
in the
world can access, put virus and surf the Internet.
I want to hear from all of you (please do not mention RACF again
because
this will force me to access MF) what you think about security in
MFNetDisk
data and mirrors. What is the best way to handle security better
then
allowed only specific PC to access the data.
Thanks,
Shai
Errr..ummm..... the auditors probably won't let you...that is the
reason why the MF world has the program that is *SECURITY*.... I
could name ACF2 or Top Secret as they will sooner or later do the
same thing. See I didn't mention the 4 letter word:)
Ed
---------------------------------------------------------------------
-
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN
INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
