On Mon, 9 Oct 2017 07:36:53 -0400, John Eells wrote: >> >> How are you going to handle the orders for Tapes? Our installation does not >> have *ANY* internet connection from the M/F. AFAIK that will never change. >> The place is hyper about security. I think its overblown, but the current >> upper management says NFW. When they say no they mean no. Myself I am happy >> with tape, I don’t have to worry about the SMPE creating datasets all over >> the place and having 5 volumes(or more) for simple maintenance. > I have to wonder, nowadays, what Ed's system does and what it's connected to. Keypunches? ATMs and POS stations on a very private network? ...
>In a future without tape, if you do not have optical drives and cannot >connect to the Internet, you will need to take a laptop outside the >firewall, download your order, bring it back in, and upload it to your >z/OS system. This is already supported and documented, and has been for >well over a decade now. > I hope it's not a Windows laptop. How woud you connect it to the M/F for upload? Do you expect the firewall to scan the laptop for malware? The more data you carry in through the firewall, the more likely that some of it is bad. Many years ago, briefly, IBM delivered PTFs in 3480 cartridges in polyethylene sleeves proclaiming that malware was thereby excluded. My peers snickered, "And how hard is it to counterfeit a heat-sealed plastic envelope?" If you suspect that a product or service package received from the Internet contains malware, how does filtering it through the laptop cleanse it? SMP/E packages are validated by SHA-1 checksums. Does SHA-1 meet security criteria nowadays. It's pointless to trust a checksum transmitted by the same channel as the payload. What are the alternatives? I don't understand certificates. I think they're an institutionalization of the fad of a couple decades ago, "Please sign my PGP public key." I need to read up. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
