Re: Security question about having zLinux web servers out in DMZ.

2011-04-02 Thread Rodger Donaldson
On Wed, Mar 30, 2011 at 09:30:52PM -0500, Ron Foster at Baldor-IS wrote: Everyone, Thanks for the good responses. Right now My Boss and his Boss are talking to the security guys. I have told them some of what you all have told me. It could be useful. I highly recommend asking what level

Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Ron Foster at Baldor-IS
Hello listers, Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security rules. One of them being that the mainframe cannot be exposed to the internet.

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Mark Post
On 3/30/2011 at 11:56 AM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: Is this a common restriction? That is, you have to have your DMZ based web servers running on some other platform so that your mainframe is not exposed to the internet. I won't say it's _not_ common, but it's a

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Richard Troth
Mark is right. It's not a valid restriction. speculation The rule was likely put in place by someone with only MVS mainframe knowledge. /speculation Even so, there are shops which had mainframes on the public internet 15+ years ago and there are shops *today* with mainframes on the public

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Alan Altmark
On Wednesday, 03/30/2011 at 12:03 EDT, Ron Foster at Baldor-IS rfos...@baldor.com wrote: Our company has recently been acquired by another company. We are at the point of having to get our two networks to talk to each other. Before we can do that, we have to comply with certain security

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Tom Duerbusch
Not a valid restriction. Open Systems and Network types only run a single stack in a box (vast majority of the time). Here, they still can't grasp that I have some 70 stacks running on a single box. (but there is only 2 ethernet cables...so you can't have 70 stacks) From their viewpoint,

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread David Boyes
On 3/30/11 8:56 AM, Ron Foster at Baldor-IS rfos...@baldor.com wrote: We have a couple of zLinux web servers that are running in a couple of z/VM guests that are connected to our DMZ. The new folks say this is a show stopper as far as hooking up the two networks. This is a political decision,

Re: Security question about having zLinux web servers out in DMZ.

2011-03-30 Thread Ron Foster at Baldor-IS
Everyone, Thanks for the good responses. Right now My Boss and his Boss are talking to the security guys. I have told them some of what you all have told me. It could be useful. Richard, Thanks for the offer to help. We shall see how things progress from here. Thanks, Ron On 3/30/2011