Classification: Confidential The only valid bit of information I have seen in this area is the UID and Password are exposed in clear text with "basic" FTP. I believe AT-TLS resolves this issue.
-----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Tom Longfellow Sent: Thursday, September 26, 2024 11:36 AM To: [email protected] Subject: Re: in Defense of FTP. FUD rules [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] I was originally addressing the functions of FTP itself. FTP is not an open door to accessing whatever you want on a z/OS system. I was not addressing denial of service attacks of any nature. Allowing FTP or any other network facing application is by its very nature exposing denial of service and availability attacks. Please address those concerns to the networking and firewall teams. If you are on a network (z/OS or not), denial of service is a part of life. I am still a firm believer of the data controls of RACF. Including those that are integrated with the Communication Server for port and IP function access. If you are foolish enough to just install base software without addressing security controls, then you have done the equivalent of holding a Hackers open house and you really do not care what happens to your data. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
