What ever your security server may be (RACF, CA-ACF2, CA-TSS) audit the
successful use of the program IND$FILE so that all executions are logged.
This still does not address the issue.
Logging the use of IND$FILE (obsolete) does not manage all methods of moving
files from the mainframe to PC's.
Was doing an interview audit one time. Subject was control of system
libraries and protecting them. Then I shocked the auditor by asking this
question.
Why are you so intent on protecting the system from me, whose livelihood
is dependent on keeping it healthy? What about that hourly operator
The SMF 30 contains no TSO COMMAND usage information
by command name, but any DDNAMEs allocated during the
TSO session are recorded in the SMF 30s, so you can
often/sometimes recognize what TSO command was used
from recognizable unique DDNAMEs in the SMF 30,
but without 100% accuracy.
And you
This post: Use of SPFEDIT in my own program Bob Rutledge
[EMAIL PROTECTED] is a fine example of how to educate the OP
instead of doing their work for them.
On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
[EMAIL PROTECTED] wrote:
After awhile I start to spot a trend from some people
agree 100%. I was especially insulted by a post a few weeks ago where the
subject line
contained verbiage similar to what our tech support group sees, Emergency,
High Priority
Application Failure!Like we drop what we're doing to help them
out...
We should quit being baby sitters for
I believe IND$FILE is implemented as a Command Processor
(and not a CLIST that CALLs a program); therefore you
can create an SMF type 32 record for each use of the
command.
The SMF Manual discusses enablement in Chapter 4.
Barry
Barry Merrill
Herbert W. Barry Merrill, PhD
In a message dated 4/20/2008 12:05:33 P.M. Central Daylight Time,
[EMAIL PROTECTED] writes:
(and not a CLIST that CALLs a program); therefore you
can create an SMF type 32 record for each use of the
command.
But aren't they already cut in type 30? I think I stumbled on this while
Are you referring to me?
If so it doesn't take much. I feel like a hero every time I come home
and my cats recognize me. If I can get an assembler program to make it
to the linkedit step, I feel like a demigod.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL
-snip--
Are you referring to me?
If so it doesn't take much. I feel like a hero every time I come home
and my cats recognize me. If I can get an assembler program to make it
to the linkedit step, I feel like a demigod.
On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
[EMAIL PROTECTED] wrote:
After awhile I start to spot a trend from some people posting here that they
are not trying to learn how to do something, they have figured out how to get
IBM-MAIN to do their job for them.
...
Let me present another
Thanks all your information and sharing. Actually, there are so many ways to
transfer files from HOST system but we still have to cope with
the internal/external auditor each year. We can't say nothing we can do.
Nothing is prefect, but taking notes/remember the coding and picture some
photo we
Hum, I just had another idea about this sort of thing to bounce around.
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That
On Fri, Apr 18, 2008 at 1:47 AM, Kenneth E Tomiak
[EMAIL PROTECTED] wrote:
Do you strip search them as they leave the building to ensure paper is not in
their posession? Ignoring the possibility of print-screen like functions, I
can
take a pen and a piece of paper and copy a file byte by
Don Leahy wrote:
[...]
How about stealing an idea from the movie Paycheck. We could wipe
the memory of the programmer as soon as the engagement is over. :-)
This thread has started to get sillybut it is Friday.
Not necessarily.
There is big difference between memorizing few lines
Oh, another possibility is to use RACF and PADS, but I don't know if
that will work to allow ISPF EDIT but disallow basically everything
else, such as IND$FILE.
--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
On Fri, 18 Apr 2008 00:47:29 -0500, Kenneth E Tomiak ranted:
Tommy Tsui has had posts before, IIRC, that indicate a complete lack of
knowledge about how an operating system works. I believe he has been
asking
how to audit just about everything. Ignorant of what SMF can record, how to
process SMF
On Fri, 18 Apr 2008 12:44:24 -0500, John McKown wrote:
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way, the emulator
Tom Schmidt
(BTW, I know of a company nearby that has a policy prohibiting cellphones
with cameras but they have no prohibition regarding cameras without
cellphones. You may bring in a digital camera - as long as it isn't part of
a cell phone!)
My comapny won't allow cameras without a camera
On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:
:Is there any way that can keep track the usage of IND$FILE, if the user
:rename the IND$FILE to ther own location and call it with TN3270, how can we
:check this case.
WHy do you want to do this? What is your business case?
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
On 4/17/08, Binyamin Dissen [EMAIL PROTECTED] wrote:
On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:
:Is there any way that can keep track the usage
On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:
:because our audit want to check the unauthorized user (outsource
:programmer) download the source program from our shop.
How will this prevent screen scraping?
There are other ways to download upload.
:On 4/17/08,
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Tommy Tsui
Sent: Thursday, April 17, 2008 9:07 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: how to audit the usage of IND$FILE
because our audit want to check the unauthorized user
Tommy,
Why don't you put AUDIT on the source file and see who touches it for READ?
IIRC, IND$FILE might be possible to track if you had a product like MXG or
SOFTAUDT or MICS and the access was to the mainframe. Is there a specific way
they are invoking IND$FILE? From a PC or from the
As someone else already pointed out, although cumbersome, you can
always cutpaste what you see on your 3270 screen.
Don't grant people access to data they don't need.
Don't grant people access to the system if you don't trust them.
Of what value is an audit record that says the data has been
Is there any way that can keep track the usage of IND$FILE, if the user rename
the IND$FILE to ther own location and call it with TN3270, how can we
check this case.
Why do you want to audit it?
There are many ways to transfer files around besides that method.
-
Too busy driving to stop for
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Ted MacNEIL
Sent: Thursday, April 17, 2008 1:54 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: how to audit the usage of IND$FILE
Is there any way that can keep track the usage of IND$FILE,
On Thu, Apr 17, 2008 at 10:19 AM, Binyamin Dissen
[EMAIL PROTECTED] wrote:
On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui [EMAIL PROTECTED] wrote:
:because our audit want to check the unauthorized user (outsource
:programmer) download the source program from our shop.
How will this prevent
On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui [EMAIL PROTECTED] wrote:
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
On 4/17/08, Binyamin Dissen [EMAIL PROTECTED] wrote:
On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui
On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui wrote:
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
First, have you protected it with RACF?
-- gil
--
because our audit want to check the unauthorized user (outsource programmer)
download the source program from our shop.
What about ftp? Copy Paste?
-
Too busy driving to stop for gas!
--
For IBM-MAIN subscribe / signoff /
But the exposure exists because you gave the user READ access to the data.
This has been discussed before on the RACF-L forum.
It is better to protect the data, rather than the method of copying.
-
Too busy driving to stop for gas!
It is better to protect the data, rather than the method of copying.
That doesn't help if you want the programmer to work on a program
but you don't want him to take it with him.
Date: Thu, 17 Apr 2008 20:41:35 +
From: [EMAIL PROTECTED]
Subject: Re: how to audit the usage of
That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods, but the crudest one cannot be protected except by
giving the programmer an
Is JK Rowling the auditor?
Tommy Tsui wrote:
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
snip
--
For IBM-MAIN subscribe / signoff / archive
On Thu, 17 Apr 2008 21:30:43 +, Ted MacNEIL wrote:
That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods, but the crudest one
Either you trust your programmer's ethics or you shouldn't provide access to
the treasured source. There is no in between.
Exactly! Everytime you work with an 'outsider' (contractor, outsourcer,
consultant, etc.), you have a risk evaluation to do.
You either trust them, or you don't.
If you
Or modularize the design so that no one part is known by everyone. I
think that's why Windows works so well.
Ted MacNEIL wrote:
Either you trust your programmer's ethics or you shouldn't provide access to the
treasured source. There is no in between.
Exactly! Everytime you work
Or modularize the design so that no one part is known by everyone. I
think that's why Windows works so well.
LOL! :-)
George Fogg
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL
On Thu, Apr 17, 2008 at 5:30 PM, Ted MacNEIL [EMAIL PROTECTED] wrote:
That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods,
If you have a cell phone camera, it is not that big of an issue - no one
really thinks there is a camera in the building when it is in a cell phone.
Lizette
That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
If he can read it, he can
If you have a cell phone camera, it is not that big of an issue - no one
really thinks there is a camera in the building when it is in a cell phone.
It depends where you work.
Th company I recently got downsized from actually had a policy against cell
cameras.
-
Too busy driving to stop for
Don Leahy wrote:
Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls. Tedious
perhaps, but it would work.
Camera? I have a VBS macro for IBM's PCOMM that scrolls forward and
appends each screen's worth of data to a text
On Thu, Apr 17, 2008 at 11:00 PM, Edward Jaffe
[EMAIL PROTECTED] wrote:
Don Leahy wrote:
Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls. Tedious
perhaps, but it would work.
Camera? I have a VBS macro for
Do you strip search them as they leave the building to ensure paper is not in
their posession? Ignoring the possibility of print-screen like functions, I can
take a pen and a piece of paper and copy a file byte by byte and get a copy.
Let me memorize a few lines of code every day and I can
44 matches
Mail list logo
