Radoslaw Skorupka wrote:
>That's what we call brute force attack.
>There is no way to protect against it ...or maybe there are some
>things to help.
>1. Do not give your RACF db to hackers. Never.
>2. Enforce periodic password change.
>3. Use KDFAES.
>4. Use passphrases.

Here are some more examples for your list:

5. Don't grant overly generous permissions. Revoke permissions faithfully and promptly when required.
6. IBM Z Multi-Factor Authentication.
7. Use excellent data access management and Security Information and Event Management (SIEM) solutions.
8. "Stay sharp." Invest in talented security professionals, including in their ongoing skills development. Hire other talented security people to conduct periodic audits.
9. Stay at least reasonably current with software releases, including z/OS releases. Have and follow a reasonable preventive maintenance plan, including for security and integrity updates.
10. Use strong, properly implemented network encryption so that credentials aren't flying across any LAN or WAN in cleartext. z/OS Encryption Readiness Technology (zERT), a standard feature included with the base z/OS operating system starting with z/OS 2.3, can help identify gaps.

- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset & Other Industry Solutions
IBM Z & LinuxONE
- - - - - - - - - -
E-Mail: sipp...@sg.ibm.com