Re: hacking vm/cms (probably old news)

Tue, 09 Oct 2007 08:27:59 -0700

Auditors are the only snag in the works. Our Cyber/Network security people feel that if there is an IP address assigned, then the scriptkiddies can infiltrate our network and steal all of our secrets, or at least store all of their porn.
Being FORCED to work on closing the directory before being able to bring up the TCPIP stack would help in dealing with them. 

/Tom Kern
/301-903-2211

Huegel, Thomas wrote:

I agree..... Auditors need not even know a second level installation 
machine even exist, other than it is just another virtual machine..



Since I am always installing second level only the password for my 
second level machine needs to be secure. In my opinion this is a single 
user machine.



All of this password manipulation can easily be done before turning the 
directory over to DIRMAINT and before going to production with a user 
written exec.




-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED]
Behalf Of RPN01
Sent: Tuesday, October 09, 2007 9:44 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: hacking vm/cms (probably old news)


As far as I'm concerned, until the system matches the production
environment, it's mine, and auditors have no business looking at it at all;
I'll do as I please. They can whine all they want; they don't have an ID on

the installation system to look at anything with anyway, so how can they 
say

it isn't secure?

--
   .~.    Robert P. Nix             Mayo Foundation
   /V\    RO-OE-5-55                200 First Street SW
  /( )\   507-284-0844              Rochester, MN 55905
  ^^-^^   -----
        "In theory, theory and practice are the same, but
         in practice, theory and practice are different."




On 10/9/07 9:25 AM, "David Boyes" <[EMAIL PROTECTED]> wrote:


 >
 > Easier, but you have no evidence that you actually did so if some
 > auditor yahoo comes and whines about it. You also can then ensure that
 > whatever new passwords assigned actually meet your password policies,
 > etc, etc, blah, blah.
 >


__________________________________________________________________

<< ella for Spam Control >> has removed VSE-List messages and set aside 
VM-List for me

You can use it too - and it's FREE!  http://www.ellaforspam.com
























					Reply via email to