"I see no relationship to the ransomware problem,..." The whole topic is a hypothetical discussion.. don't know what to say for the relation not being understandable. Just a thought for damage control..
Obviously, obvious security measures have still let this hypothetical problem through (either bypassed or less-than-optimal security measures).. so fiddling with user accesses at this point is irrelevant. Whole world knows how to prevent.. but actually doing it is a whole another matter of tools, processes, capabilities, and such. - KB ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, September 7, 2020 7:08 PM, R.S. <r.skoru...@bremultibank.com.pl> wrote: > W dniu 07.09.2020 o 14:57, kekronbekron pisze: > > > Makes me wonder.. some network products have a 'total lockdown' mode that > > stops anything network. Like pulling the plug. > > IBM can have a similar thing for z/OS TCPIP/SNA networks but I reckon it's > > more effective if a similar lockdown (ugh) feature exists for RACF instead. > > Of course, this will mean a whole lot of things will now start failing > > (perhaps this feature can also write such lockdown-initiated violations > > into a special report), but it may be worth shuttering things down before > > things can get worse. > > Alternatively, storage boxes need to get intelligent with their metadata. > > > > - KB > > I see no relationship to the ransomware problem, however in z/OS you can > "totally lockdown" any network interface you want. Including offline the > device and chpid. And this is IMHO good for Hollywood movies, not as > real protection - this "plug out feature" would work ...when? After the > hacker started encryption, or just two minutes before? Who/what > recognize suspected activity? What if the activity was phony, just to > run "plug out feaure"? > > My advice: > > 1. Only authorized users should have connectivity to the mainframe > ...and any other resource. No more "any to any" company networks. Note: > "authorized" in this point has nothing to do with a mainframe. Just > Johny the Sysprog can connect to the host, but Jim the secretary cannot. > > 2. Only authorized users can logon. User, password, maybe MFA. Obvious. > 3. Users are authorized to the resources they need, nothing more. Of > course we do not talk about READ to SYS1.HELP, but it is good idea to > not allow APF update to any TSO user. This is typical RACF > responsibility. Loooong story. > > -- > Radoslaw Skorupka > Lodz, Poland > > ====================================================================== > > Jeśli nie jesteś adresatem tej wiadomości: > > > - powiadom nas o tym w mailu zwrotnym (dziękujemy!), > - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub > zapisałeś na dysku). > Wiadomość ta może zawierać chronione prawem informacje, które może > wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia > (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, narusza > prawo i może podlegać karze. > > mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 > Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. Sąd Rejonowy dla m. st. > Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237, > NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na > 01.01.2020 r. wynosi 169.401.468 złotych. > > If you are not the addressee of this message: > > - let us know by replying to this e-mail (thank you!), > - delete this message permanently (including all the copies which you have > printed out or saved). > This message may contain legally protected information, which may be used > exclusively by the addressee.Please be reminded that anyone who disseminates > (copies, distributes) this message or takes any similar action, violates the > law and may be penalised. > > mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, > 00-950 Warszawa,www.mBank.pl, e-mail: kont...@mbank.pl. District Court for > the Capital City of Warsaw, 12th Commercial Division of the National Court > Register, KRS 0000025237, NIP: 526-021-50-88. Fully paid-up share capital > amounting to PLN 169.401.468 as at 1 January 2020. > > > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN