Search390.com Expert Question of the Week April 30, 2001 Welcome to Search390's Expert Question of the Week newsletter. Remember, no question is too simple for Ask the Experts! If you have a 390-related question, send it to [EMAIL PROTECTED] Selected questions will be answered by our experts. This week's question was answered by Gerhard Adam, search390's Systems Management Expert. ===================================== GET THE INFO YOU WANT TODAY What do YOU want in your e-mailbox? How about FREE info and offers about computers, networking, wireless devices, finance and lots more? Visit http://search390.techtarget.com/postmasterDirect/, choose the topics that interest you, and you'll get the e-mail you want. ===================================== QUESTION: We currently have a standalone mainframe running OS/390. It is used as the computer for a court system where data security, custodianship and certification are very important legal issues. We are considering consolidating the court computing function with the general county CMOS processor. After the consolidation, we will have an LPAR region but we will not control the main console. Operating in an LPAR, what are the risks from a data security/custodianship/certification standpoint? What, if any, measures or configurations can be implemented to reduce the risks? ANSWER: From a security point of view, nothing really changes at the operating systems level. Whatever security software and processes you have in place will still function as normal. The only real issue is physical security and any ability to compromise security from the console. If there is adequate control and supervision of the main console, then it seems unlikely that an operator would intentionally compromise the security of your LPAR any more than that possibility exists right now. I'm assuming that the general county CMOS processor is adequately secured from a physical point of view, so I don't really see any issues that would compromise the integrity of your operation. Data and programs would be secured by the existing software mechanisms and be unchanged. I would ensure that DASD is NOT shared, and that other LPARs not have access to the data, since that would represent an exposure. If my assumptions are not correct and this consolidation includes sharing systems and allowing access to a whole new range of people (ie: systems programmers, etc.), then the security issue becomes that much more complex. Bear in mind that security is first and foremost a people problem. The fewer people that have access, the less compromised the system. I would also conduct a software security audit (check rules) to ensure that the proper protections are in place. ===================================== ASK THE EXPERTS ===================================== Do you have a question for Gerhard? To submit a question(s), go to http://search390.techtarget.com/ateQuestion/0,289624,sid10_tax285033,00.html ===================================== SEARCH390 DISCUSSION FORUMS ===================================== Check out our operating systems discussion forum. This is the place where you can voice your concerns, offer your peers tips and advice, etc. Start a new discussion, or respond to existing posts. The possibilities are endless! http://search390.discussions.techtarget.com/WebX?50@@.ee83ff6 ======================================================= What do you think about this Expert Question of the Week? Let us know. Send an email to [EMAIL PROTECTED] ======================================================= ===================================================== For a list of the latest tips on Search390.com, go to: http://www.search390.com/search390_Tips_Category_Page/0,4223,281586,00.html What technical issues are important to you? Do you have an idea or a tip you'd like to share with other S/390 pros? Let us know. E-mail us at mailto:[EMAIL PROTECTED]. ======================================================== To Remove your email address from the distribution list for this specific newsletter "Reply" to this message with REMOVE in the subject line. You will receive an email confirming that you have been removed. To Remove yourself from additional distribution lists or to update your preferences, go to the search390.com registration page at: http://search390.techtarget.com/register
