W dniu 29.09.2024 o 03:00, Steve Estle pisze:
Hmm - Interesting conversation. The account I'm supporting uses Tectia for ZOS product set
(SSH.COM) which allows for proxy to be setup to convert all ZOS FTP to SFTP without any
script changes. This product was already in place when I arrived so I was not involved in
the decisions to procure or rationale other than it was needed to be properly
"secure". But I am now wondering from a security / audit perspective if a
secondary software product such as Tectia is truly required to provide a secure and audit
proof FTP, Telnet, TN3270 environment or is the correct answer is it is just a matter of
properly configuring ZOS Comm Server, FTP, & ATTLS properly which in essence fully
secures the FTP service adequately?
Thoughts?
My humble opinion:
1. People are lazy or reluctant to make changes "because it works".
Sometimes we inherit old setup with tons of obsoleted settings, etc. And
it is a psychological challenge to change old things (with some risk of
mistake - as always), convince managers, etc.
2. IMHO the FTP from IBM is secure enough. No add-on products are needed.
3. Distributed systems world tend to prefer sftp over ftps. However sftp
implementation on z/OS lacks some features.
4. Last but not least: there is variety of "managed file transfer"
products. Such products provide both security and many other features
making file transfer easier, faster, better accountable, non-repudiable,
etc.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
