On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui <[EMAIL PROTECTED]> wrote:
>because our audit want to check the unauthorized user (outsource >programmer) download the source program from our shop. > >On 4/17/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote: >> >> On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui <[EMAIL PROTECTED]> wrote: >> >> :>Is there any way that can keep track the usage of IND$FILE, if the user >> :>rename the IND$FILE to ther own location and call it with TN3270, how >> can we >> :>check this case. >> >> WHy do you want to do this? What is your business case? The problem, Tommy, is that IND$FILE is but one of many ways someone could download to a PC. The user could trivially use FTP to do that, if you have an FTP server active, or scp if you have SSH active. Or he could, as you mentioned, copy and rename IND$FILE to something else. Or he could bring in a program from another system. Or he could write a REXX exec to use TCP/IP functions to talk to a program on the PC. Etc. Auditing use of IND$FILE itself is but one way, though perhaps a simple one. But the exposure exists because you gave the user READ access to the data. Having that, there's little you can do to prevent him from copying it somewhere. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
