kekronbekron wrote:
>Thank you Tim, would you be able to share any info about #2
>here.. ?
Yes, let's start with this important announcement:
https://www.ibm.com/downloads/cas/US-ENUS220-037-CA/name/US-ENUS220-037-CA.PDF
- - - - - - - - - -
Timothy Sipples
I.T. Architect Executive
Digital Asset
Thank you Tim, would you be able to share any info about #2 here.. ?
- KB
‐‐‐ Original Message ‐‐‐
On Tuesday, September 8, 2020 10:27 AM, Timothy Sipples
wrote:
> Kekronbekron wrote:
>
> > Thinking about it ... it would be far simpler (than anti-ransomware
> > capability in storage, o
SafeGuarded Copy on IBM DS8000
On Fri, Sep 4, 2020, 21:50 Jesse 1 Robinson wrote:
> It’s Friday, so don’t rag on me for venturing into IT fiction. No one has
> hit us with this challenge (yet), but it could happen.
>
> Ransomware is much in the news these days. As unlikely as it might be,
> some
-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
Kekronbekron wrote:
>Thinking about it ... it would be far simpler (than anti-ransomware
>capability in storage, or lock-all behaviour) if there were a RACF
>HealthChecker that looks for abnormal enc/dec activity. What 'normal
It is an interesting note that the rabies protocol is post-exposure.
You will get post-exposure treatments on Days 0, 3, 7, and 14.
The treatment on day 0 consists of a globulin shot as well as the vaccine.
The other three are vaccine only.
Joe
On Tue, Sep 8, 2020 at 5:46 AM Robert Prins
wrote
On 2020-09-08 10:15, R.S. wrote:
W dniu 08.09.2020 o 14:09, Robert Prins pisze:
On 2020-09-08 07:21, R.S. wrote:
Well, I sustain my words: the only EFFECTIVE way is to prevent.
All other ways are recipes what to do after failure happens, to minimize the
impact.
This resembles data loss scena
W dniu 08.09.2020 o 14:09, Robert Prins pisze:
On 2020-09-08 07:21, R.S. wrote:
Well, I sustain my words: the only EFFECTIVE way is to prevent.
All other ways are recipes what to do after failure happens, to
minimize the impact.
This resembles data loss scenario. What to do when you lost your
On 2020-09-08 07:21, R.S. wrote:
Well, I sustain my words: the only EFFECTIVE way is to prevent.
All other ways are recipes what to do after failure happens, to minimize the
impact.
This resembles data loss scenario. What to do when you lost your data? The
answer is AVOID it. Use RAID arrays,
Well, I sustain my words: the only EFFECTIVE way is to prevent.
All other ways are recipes what to do after failure happens, to minimize
the impact.
This resembles data loss scenario. What to do when you lost your data?
The answer is AVOID it. Use RAID arrays, remote copies, backups, archive
Great notes, thanks! But real geeks know Warp Drive will be invented in
2063 and with that humans can easily catch up with Voyager, well, unless
it becomes Vger.
Here in the Los Angeles area a few years ago I went to see a guitar
player and happened to meet a few guys who engineered and built
Kekronbekron wrote:
>Thinking about it ... it would be far simpler (than anti-ransomware
>capability in storage, or lock-all behaviour) if there were a RACF
>HealthChecker that looks for abnormal enc/dec activity. What 'normal'
>is can be learnt from a year's worth of actual enc/dec-related SMF
>da
Thinking about it ... it would be far simpler (than anti-ransomware capability
in storage, or lock-all behaviour) if there were a RACF HealthChecker that
looks for abnormal enc/dec activity.
What 'normal' is can be learnt from a year's worth of actual enc/dec-related
SMF data.
- KB
‐‐‐ Ori
@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
I will tell you that when it happened to my client, the "ransom" was
$1million.
It was less expensive to lose a days work. in restoring from backups.
--
For IBM-MAIN
LISTSERV.UA.EDU] On
> Behalf Of Tom Brennan
> Sent: Monday, September 7, 2020 4:32 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Ransoming a mainframe disk farm
>
> While I really like your new term, "ransomwared", I have to disagree
> with the conclusion. O
ist [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Tom Brennan
Sent: Monday, September 7, 2020 4:32 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
While I really like your new term, "ransomwared", I have to disagree
with the conclusion. Of course we need t
While I really like your new term, "ransomwared", I have to disagree
with the conclusion. Of course we need to try to prevent the attack,
but we also need to have some kind of backup to get things at least
somewhat back to normal. And that doesn't mean a single backup method
for all kinds of
WSL doesn't have anything to do with cloud.
It's just the running of Linux within Windows, using bits of Hyper-V
internally, I think.
That said, Joe's point about securing this new vector is one to pay attention
to.
And since z/OS is also working on improving/expanding z/OS NFS implementation..
Use DS8880 SafeGuardCopy
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
So, does this mean that a cloud environment is more or less likely to be
attacked than the same on premise environment?
Such an attack could cause a major disruption in operations and thinking.
Sent from my iPhone — small keyboarf, fat fungrs, stupd spell manglr. Expct
mistaks
> On Sep 7, 2
Let me tell you why it is not such a hypothetical problem...
As we all know, Microsoft now allows under Windows for Linux, Windows
access to Linux datastores. So, imagine I have a mainframe data store
mounted as a Linux FS on a Windows box running Windows for Linux. Now, the
windows box gets ranso
"I see no relationship to the ransomware problem,..."
The whole topic is a hypothetical discussion.. don't know what to say for the
relation not being understandable.
Just a thought for damage control..
Obviously, obvious security measures have still let this hypothetical problem
through (eithe
W dniu 07.09.2020 o 14:57, kekronbekron pisze:
Makes me wonder.. some network products have a 'total lockdown' mode that stops
*anything* network. Like pulling the plug.
IBM can have a similar thing for z/OS TCPIP/SNA networks but I reckon it's more
effective if a similar lockdown (ugh) featur
Makes me wonder.. some network products have a 'total lockdown' mode that stops
*anything* network. Like pulling the plug.
IBM can have a similar thing for z/OS TCPIP/SNA networks but I reckon it's more
effective if a similar lockdown (ugh) feature exists for RACF instead.
Of course, this will m
My €0,02
Ransomware on z/OS is very unlikely, but it is possible. We cannot say
it is impossible.
The possibility depends on some circumstances which affect the results
and possible prevention. It will be disscuessed. below (a little bit).
Will backup help? NO!
Backup may be last resort, espec
tape.
>Russell Wittopinions are all my own (and I have a lot of them)
>
>
>-Original Message-
>From: John McKown
>To: IBM-MAIN@LISTSERV.UA.EDU
>Sent: Sat, Sep 5, 2020 6:47 am
>Subject: Re: Ransoming a mainframe disk farm
>
>If I were to consider this (which I
2020 19:53:11 +, Gibney, Dave wrote:
>You can IPL Standalone DSS or FDR from CD
>
>> ---O-Original Message-
>> From: IBM Mainframe Discussion List On
>> Behalf Of Jesse 1 Robinson
>> Sent: Friday, September 04, 2020 11:51 AM
>> To: IBM-MAIN@LISTSERV.UA.E
If it's on the network then you know someone can find a way in, and once they
are in then all bets are off. Given the newer technology that has been, and is
being, developed to crack passwords it is only a matter of when and not if.
Are WORMs really protected if they are in a virtual storage sub
audit trail of their own activities and most commonly that audit trail will be backed
up on tape.
Russell Wittopinions are all my own (and I have a lot of them)
-Original Message-
From: John McKown
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Sat, Sep 5, 2020 6:47 am
Subject: Re: Ransoming a mainf
20 6:47 am
Subject: Re: Ransoming a mainframe disk farm
If I were to consider this (which I don't because my shop _is_ going away
1Q2021), what I would do is have a "golden image" (aka sysprog sandbox or
the GI) in a different LPAR. This image would have access to all attached
devices, in
We once had a database so valuable that it was mirrored to a remote site where
8, 16, and 24 hour PIT copies of it were made. We could do forward recovery
from tape if needed. This was more to protect against an application trashing
the data than anything else. It was hoped that data corrupti
If I were to consider this (which I don't because my shop _is_ going away
1Q2021), what I would do is have a "golden image" (aka sysprog sandbox or
the GI) in a different LPAR. This image would have access to all attached
devices, including sharing a virtual tape environment. But the "core"
volumes
, September 4, 2020 5:56 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Ransoming a mainframe disk farm
CAUTION EXTERNAL EMAIL
"Bill Gates and the FBI say it is the worst virus ever. Forward this to
everyone in your address book."
Charles
-Original Message-
From: IBM
: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
Ha ha: "Hello, Iron Mountain? This is the CIO. We've discovered a
terrible computer virus that only exists on physical tape. I need you
to take every tape you can find to the shredder immediately. Wear
gloves and a m
sion List on behalf of Tom
Brennan
Sent: Friday, September 4, 2020 5:31 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
Reminds me of a "Tech Support" (I think) magazine article I read many
years ago that started out with something like, "The compa
eptember 4, 2020 12:10 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: (External):Re: Ransoming a mainframe disk farm
>
> CAUTION EXTERNAL EMAIL
>
> Skip,
>
> I will tell you what saved one of my customers. When they use a VTL, they
> replicated that VTL to another site. So, when
Sent: Friday, September 4, 2020 5:31 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
Reminds me of a "Tech Support" (I think) magazine article I read many
years ago that started out with something like, "The company datacenter
has lost all its data
Reminds me of a "Tech Support" (I think) magazine article I read many
years ago that started out with something like, "The company datacenter
has lost all its data, including all backups. A disgruntled employee
with full access ran weekend jobs which overwrote all tapes and disk
backups, and t
t: Re: Ransoming a mainframe disk farm
I was recently asked about this by management. I may have missed
something, but below is my response, which I expect some will poke holes in.
First, all my dasd and VTL tapes are maintained in z-only devices. They
are not used, or accessed by PC based devices. We
ber 04, 2020 1:21 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: Ransoming a mainframe disk farm
>
> I did not know that CD could be used for standalone restore. However, how
> do I process my volume dumps? They also live only in virtual.
>
> .
> .
> J.O.Skip R
: IBM Mainframe Discussion List On Behalf Of Joe
Monk
Sent: Friday, September 4, 2020 12:10 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Ransoming a mainframe disk farm
CAUTION EXTERNAL EMAIL
Skip,
I will tell you what saved one of my customers. When they use a VTL, they
replicated
n Behalf
Of Tony Thigpen
Sent: Friday, September 4, 2020 12:55 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Ransoming a mainframe disk farm
I was recently asked about this by management. I may have missed
something, but below is my response, which I expect some will poke holes in.
First, all my das
⇐=== NEW
robin...@sce.com
-Original Message-
From: IBM Mainframe Discussion List On Behalf Of
Gibney, Dave
Sent: Friday, September 4, 2020 12:53 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: (External):Re: Ransoming a mainframe disk farm
CAUTION EXTERNAL EMAIL
You can IPL Standalone DSS or FDR
BM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Jesse 1 Robinson
Sent: Friday, September 4, 2020 11:51 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Ransoming a mainframe disk farm
It’s Friday, so don’t rag on me for venturing into IT fiction. No one has hit
us with this challenge (yet), but it could happen.
Ra
I was recently asked about this by management. I may have missed
something, but below is my response, which I expect some will poke holes in.
First, all my dasd and VTL tapes are maintained in z-only devices. They
are not used, or accessed by PC based devices. We don't run z-Linux
either. My d
You can IPL Standalone DSS or FDR from CD
> -Original Message-
> From: IBM Mainframe Discussion List On
> Behalf Of Jesse 1 Robinson
> Sent: Friday, September 04, 2020 11:51 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Ransoming a mainframe disk farm
>
> It’s Fr
Unless the migration away from Physical Tape was done by people
completely unfamiliar with Mainframe processing
Change 'tape' to 'Virtual Tape Subsystem Objects'
Although we used the DRVendor's floor system to run the restore, we
could have had them 'mount' our DR z/VM or DR z/OS system im
Skip,
I will tell you what saved one of my customers. When they use a VTL, they
replicated that VTL to another site. So, when some files got encrypted via
ransomware, they were able to quickly replicate the files back and re-boot.
Joe
On Fri, Sep 4, 2020 at 1:51 PM Jesse 1 Robinson
wrote:
> It
Retire?
Doug Fuerst
d...@bkassociates.net
-- Original Message --
From: "Jesse 1 Robinson"
To: IBM-MAIN@listserv.ua.edu
Sent: 04-Sep-20 14:50:50
Subject: Ransoming a mainframe disk farm
It’s Friday, so don’t rag on me for venturing into IT fiction. No one has hit
us
It’s Friday, so don’t rag on me for venturing into IT fiction. No one has hit
us with this challenge (yet), but it could happen.
Ransomware is much in the news these days. As unlikely as it might be, some
nefarious genius manages to lock you out of your entire disk farm and demands
rubies and
49 matches
Mail list logo