Paul Gilmartin wrote: >Merely connecting one's core IS engine to the Internet opens an avenue >for tampering. I have little to say on this.
OK, I'll write a few more words then. :-) In order for z/OS to receive security and integrity updates from IBM (and other updates if desired), securely and as rapidly as possible, you do *not* need to connect "one's core IS engine to the Internet." That's not a prerequisite. I agree with David Jousma and also recommend outbound HTTPS from a non-production z/OS instance. Please review the firewall and connection guidance I provided in my earlier post for it addresses myriad concerns. Today's answers are far, far better than the past, and it's long past time to embrace that "scary" Internet thing for it is merely a (thoroughly securable, at least in this instance) outbound transport. I'm sure many of you remember PSTNs, for example. Time synchronization, dial-up 3270 access....was that secure on the PSTN? Nobody ever tapped a phone line or redirected a phone call, right? ;-) One must be sensible, evaluating and assessing (and periodically reassessing) risks comparatively. Otherwise one completely loses the plot. Timely implementation of security and integrity updates is vital. If you're not doing that, please get going, now. Please excuse me while I try to extinguish the fire in my hair. (You can help.) -------------------------------------------------------------------------------------------------------- Timothy Sipples IT Architect Executive, Industry Solutions, IBM z Systems, AP/GCG/MEA E-Mail: [email protected] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
