Boy, has this topic gotten a LOT of feedback. 
First, WORM (or LWORM) is NOT the same as immutable, since you can still append 
more data to the tape file OR add additional tape files to the same volume. 
Now, adding additional files to a tape is not as critical (if the file is not 
opened, the data won't be read by anything). Also, some applications (ADRDSSU for 
example) will write their own application end-of-data type control record. So 
any data appended to an ADRDSSU file will simply be ignored. 
Now, depending on your tape management product you MIGHT be able to stop "MOD" 
processing, to prevent the ability to add additional data to a backup file. CA 
1 of course allows you to control this - so you can prevent MOD'ing onto 
specific files.
Also, the Vtape product (formerly CA Vtape) distributed as part of CA 1 R15.0 
does support the creation of "immutable" volumes. That means NO data can be 
appended (either as an additional file or through MOD processing) once the 
virtual-volume is dismounted. 
Russell Witt
CA 1 Developer
    On Tuesday, April 8, 2025 at 02:11:41 PM CDT, Schmitt, Michael 
<[email protected]> wrote:   

 A hypothetical IT department wants all tape systems, including z/OS, to turn 
on WORM (Write Once Read Many) so that the tapes are immutable. The reason is 
for prevention of ransomware attacks from altering backup data.

My question is: how does this help? If an attacker has the access and 
authorization to update a tape, they also have the access and authorization to 
copy the tape data to a new tape with altered data.

When we restore from a backup, we don't consult a post-it note that says "now 
mount volume T13439". We mount whatever volume the tape catalog system says 
contains the data set we need.

What am I missing?



----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
  
