gil asked, "What protection does IND$FILE offer against exfiltration of sensitive data?"
This would require some means of identifying the data as "sensitive". I note that this is talking of the "data", rather than the "data set". The ability of programs to take copies, partial copies, extracts, prints, and the ability to rename data sets is a large challenge to such identification and tracking of "data". Using the RACF security categories and security labels with write-down controls is a good start to providing such restrictions, but it is not easy to use nor easy to retrofit to existing workloads. In my experience few RACF sites make use of it. Lennie Dymoke-Bradshaw -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Paul Gilmartin Sent: 27 September 2024 02:59 To: [email protected] Subject: Re: in Defense of FTP. FUD rules On Thu, 26 Sep 2024 17:07:21 -0700, Tom Brennan wrote: >Thanks! It seemed like we were only picking on poor FTP. > What authentication technique does TN3270 use? What protection does IND$FILE offer against exfiltration of sensitive data? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
