On 07.09.2020 at 14:57, kekronbekron wrote:
Makes me wonder.. some network products have a 'total lockdown' mode that stops
*anything* network. Like pulling the plug.
IBM can have a similar thing for z/OS TCPIP/SNA networks but I reckon it's more
effective if a similar lockdown (ugh) feature exists for RACF instead.
Of course, this will mean a whole lot of things will now start failing (perhaps
this feature can also write such lockdown-initiated violations into a special
report), but it may be worth shuttering things down before things can get worse.
Alternatively, storage boxes need to get intelligent with their metadata.
- KB
I see no relationship to the ransomware problem, however in z/OS you can
"totally lockdown" any network interface you want. Including offline the
device and chpid. And this is IMHO good for Hollywood movies, not as
real protection - this "plug out feature" would work ...when? After the
hacker started encryption, or just two minutes before? Who/what
recognizes suspected activity? What if the activity was phony, just to
run "plug out feature"?
My advice:
1. Only authorized users should have connectivity to the mainframe
...and any other resource. No more "any to any" company networks. Note:
"authorized" in this point has nothing to do with a mainframe. Just
Johny the Sysprog can connect to the host, but Jim the secretary cannot.
2. Only authorized users can logon. User, password, maybe MFA. Obvious.
3. Users are authorized to the resources they need, nothing more. Of
course we do not talk about READ to SYS1.HELP, but it is a good idea to
not allow APF update to any TSO user. This is typical RACF
responsibility. Loooong story.
--
Radoslaw Skorupka
Lodz, Poland