On 5/7/19 6:49 AM, Carmen Vitullo wrote:
SNA networks we're pretty secure
I question how much of that ""security was the (largely) closed
ecosystem. As in it required different hardware, most of which wasn't
easily available or inexpensive.
I think Bigendian Smalls and / or Soldier of Fortran have done multiple
presentations on how insecure SNA was. Particularly how easy it is to
subvert the protected fields by ignoring ~> altering the protection
status when returning the screen to the mainframe.
IMHO any time you rely on the client to behave properly for anything
security related, you've got a security problem.
I have likened this to an HTML FORM that has a field set to disabled.
I guess there is room for doing this on purpose as a trap to see if
someone is monkeying with things. Sort of a litmus test to see if
anything protected is modified. But that's contrary to the
presentations that I've heard.
it wasn't till TCP/IP and OPENMVS that we started having to rethink
security
Was TCP/IP itself the problem? Or was it the fact that TCP/IP provided
a way for different systems, not directly associated with the mainframe
to connect and / or the introduction of a new subsystem, OpenMVS, and an
entirely new ecosystem of methodologies & unknowns that turned into
vulnerabilities?
Is it possible that X.25 network connections to channel attached SNA
controllers / concentrators could have also introduced the first of the
two problems above?
Was OSI Networking ever a thing on the mainframe? Would it have also
allowed other remote connections?
By "other remote connections" is providing a communications path to the
mainframe from devices that would be outside of the (inverted tree) with
everything subservient to the mainframe. As in something that wasn't
directly related to the mainframe now had a communications path to the
mainframe.
--
Grant. . . .
unix || die
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
