On 5/7/19 6:49 AM, Carmen Vitullo wrote:
SNA networks we're pretty secure

I question how much of that ""security was the (largely) closed ecosystem. As in it required different hardware, most of which wasn't easily available or inexpensive.

I think Bigendian Smalls and / or Soldier of Fortran have done multiple presentations on how insecure SNA was. Particularly how easy it is to subvert the protected fields by ignoring ~> altering the protection status when returning the screen to the mainframe.

IMHO any time you rely on the client to behave properly for anything security related, you've got a security problem.

I have likened this to an HTML FORM that has a field set to disabled.

I guess there is room for doing this on purpose as a trap to see if someone is monkeying with things. Sort of a litmus test to see if anything protected is modified. But that's contrary to the presentations that I've heard.

it wasn't till TCP/IP and OPENMVS that we started having to rethink security

Was TCP/IP itself the problem? Or was it the fact that TCP/IP provided a way for different systems, not directly associated with the mainframe to connect and / or the introduction of a new subsystem, OpenMVS, and an entirely new ecosystem of methodologies & unknowns that turned into vulnerabilities?

Is it possible that X.25 network connections to channel attached SNA controllers / concentrators could have also introduced the first of the two problems above?

Was OSI Networking ever a thing on the mainframe? Would it have also allowed other remote connections?

By "other remote connections" is providing a communications path to the mainframe from devices that would be outside of the (inverted tree) with everything subservient to the mainframe. As in something that wasn't directly related to the mainframe now had a communications path to the mainframe.



--
Grant. . . .
unix || die

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to