First part of my answer was kind of joke. Wasn't it clear?
Second part provided some means, products and opinions.
Regarding magic SVCs - I have *never* found any. Yes, I met and fixed
some other mistakes you mentioned.
And yes, such point should be on auditor checklist.
And yes, people tend to make mistakes. That's why I mentioned audit as
important part of the picture.
And it is good idea to have redundant protections whenever possible.
That's why we have encrypted datasets. Not because RACF sucks.
And at the end we may have Safeguarded Copy or Dell/EMC solution.
--
Radoslaw Skorupka
Lodz, Poland
W dniu 08.10.2021 o 00:47, Charles Mills pisze:
I don't know, but what the professional Pen Testers tell me is that they never
fail to find things like that.
I've never met any group that never made a mistake, never had an "oops," never
"missed something."
Magic SVCs were widespread until recently. Has every single one vanished?
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Bill Johnson
Sent: Thursday, October 7, 2021 3:21 PM
To: [email protected]
Subject: Re: Mainframe ransomware solution
You’d have to be a poorly run shop to permit any of those to occur. Maybe
that’s why mainframe hacks have actually never happened.....Biden successfully
extracted 124,000 from Afghanistan in a few weeks. Amazing.
Sent from Yahoo Mail for iPhone
On Thursday, October 7, 2021, 2:12 PM, Charles Mills <[email protected]> wrote:
And assuming you never make a mistake. Never leave an APF data set unprotected. Never
give the wrong person console authority. Fully understand APF on UNIX. Never have a Rexx
PDS used by privileged users that is modifiable by others. Have no magic SVCs. Have no
flawed APF code, no APF "tools" available inappropriately.
Charles
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Radoslaw Skorupka
Sent: Wednesday, October 6, 2021 2:13 PM
To: [email protected]
Subject: Re: Mainframe ransomware solution
W dniu 05.10.2021 o 15:24, Tommy Tsui pisze:
Hi
Any shop implement mainframe ransomware solution can share? IBM seems has
cyber vault to handle this. Is there any other solution available ?
Thanks for sharing
<shameless mode>
Yes, we have such solution.
This is combination of the following products:
1. z/OS
2. RACF
3. Professional staff
</shameless mode>
Other means:
RACF
backup
Safeguarded copy and other vendors' solutions
audit
procedures
Note: all of the "solutions" marketed nowadays give you some cure *after
breach happened*. However that means some problems. It is unlikely to
restore with RPO=0. If you want RPO=0 then you should pay much more
attention at prevention, which means ...no, NOT ANOTHER PRODUCT.
Definitely first: professional staff, procedures, audit. And then maybe
some tools.
IBM Cyber Resiliency tools: Guardium, zSecure Suite, QRadar SIEM,
Safeguarded Copy...
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
