Ah, ok, I see now - we haven't gotten as far as one facing the internet - although I do hear that that's in phase 2 of one app's plans for this year. I'll have to get you involved in that project :)
Marcy Cortes

"This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation."

-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark
Sent: Friday, February 10, 2006 8:49 PM
To: [email protected]
Subject: Re: [LINUX-390] VSWITCH authorizations (was: First install of RedHat under z/VM)

On Friday, 02/10/2006 at 06:55 CST, Marcy Cortes <[EMAIL PROTECTED]> wrote:
> I guess I don't see anyone breaking into the class G guest if the
> class G guest doesn't have a password and is logged on to only by the systems
> programmers with her password. I guess in theory they could somehow
> get to CP by Linux, but then he'd already have the NIC anyway.

If you have only one VSWITCH defined, then the risk is obviously minor. But what if you had two VSWITCHes, one that faced the Internet and another that faced your intranet? The risk of break-in may be low, but the consequences of the Linux guest connecting to both VSWITCHes without your explicit permission would be significant. It would be like giving some distributed server access to a trunk port on a switch with authorization to all VLANs. <shudder>

But I appreciate that in non-security-conscious environments the RESTRICTED nature of a VSWITCH can be annoying. But maybe it's only annoying because it is easy to forget to authorize the access?

A final thought... The best security controls are in an ESM. You can lay your system bare if that's what you want to do. That is to say, an ESM provides not only extra security, but extra non-security if so configured. With RACF, a single generic profile could be defined with UACC(UPDATE), allowing every user on the system to connect to any Guest LAN or VSWITCH.

Philosophy #37: It should be HARD to get your system into a wide-open state. No accidental tourists. In fact, security standards are moving in the direction of requiring *two* privileged users to deactivate the security controls. (You know, both have to insert and turn their keys at the same time.)

Alan Altmark
z/VM Development
IBM Endicott

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
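The two ESM configurations Alan contrasts, written out as RACF commands. This is an added illustration, not something from the thread or from IBM documentation; VSW1, VSW2, LNX1 and LNX2 are made-up VSWITCH and guest names, and the `/* ... */` lines are annotation rather than RACF command syntax. The first stanza is the wide-open state he warns against (one generic VMLAN profile with UACC(UPDATE), which authorizes every user to couple to every Guest LAN and VSWITCH); the second is the discrete, deny-by-default form where each guest is permitted to exactly one switch, which is what keeps an Internet-facing and an intranet-facing VSWITCH apart. The last stanza is CP's own equivalent when no ESM is active: VSWITCHes are RESTRICTED by default, so a guest gets a NIC on one only after an explicit GRANT.

```text
/* Wide-open (the "lay your system bare" setting): a single generic    */
/* profile matches every Guest LAN and VSWITCH, and UACC(UPDATE) lets   */
/* any user on the system COUPLE to any of them. Shown only to avoid.   */
SETROPTS CLASSACT(VMLAN) GENERIC(VMLAN)
RDEFINE  VMLAN ** UACC(UPDATE)
SETROPTS RACLIST(VMLAN) REFRESH

/* Restricted: one discrete profile per VSWITCH (owner SYSTEM), default */
/* access NONE, and an explicit PERMIT for each guest that may connect.  */
/* LNX1 reaches only the Internet-facing VSW1, LNX2 only the intranet    */
/* VSW2; neither can be trunked onto both without a visible PERMIT.      */
RDEFINE  VMLAN SYSTEM.VSW1 UACC(NONE)
RDEFINE  VMLAN SYSTEM.VSW2 UACC(NONE)
PERMIT   SYSTEM.VSW1 CLASS(VMLAN) ID(LNX1) ACCESS(UPDATE)
PERMIT   SYSTEM.VSW2 CLASS(VMLAN) ID(LNX2) ACCESS(UPDATE)
SETROPTS RACLIST(VMLAN) REFRESH

/* No ESM: CP's native authorization. Both VSWITCHes are RESTRICTED by  */
/* default, so each guest needs an explicit GRANT on its own switch.    */
CP DEFINE VSWITCH VSW1 RDEV 1000
CP DEFINE VSWITCH VSW2 RDEV 2000
CP SET    VSWITCH VSW1 GRANT LNX1
CP SET    VSWITCH VSW2 GRANT LNX2
```

The point of the second stanza is that the list of PERMITs is itself the audit record: a guest that can couple to both switches shows up as two PERMIT entries (or two GRANTs) that someone had to type, rather than falling out of a wildcard nobody remembers defining.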
