Sorry should be flavor Sent from my iPad Scott Ford Senior Systems Engineer www.identityforge.com
On Mar 27, 2012, at 1:49 PM, Scott Ford <[email protected]> wrote: > Lets step through this logically: > > TN3270 .... > > 1. Must have RACF/ACF2/TSS userid/lid/acid > 2. Must have a valid password > 3. Must have valid IP address > 4. Must have valid port > 5. Must have Firewall rule for #3 and #4 ... > > Other issues: How many firewalls ? How is the network architected ? > > This is just a favor ..FTP the same > > Scott J Ford > Software Engineer > http://www.identityforge.com > > > > ________________________________ > From: Skip Robinson <[email protected]> > To: [email protected] > Sent: Tuesday, March 27, 2012 1:37 PM > Subject: Re: Malicious Software Protection > > We're all pretty sanguine about our mainframe invulnerability. But we > should not overlook how one of our most valuable protections can be turned > against us. We all have some limit set for logon attempts. If an invalid > password is entered too many times, the userid gets suspended--or referred > to the OS console for verification. A malicious rascal (any other kind?) > can disable a really important userid in this way. Of course the person > has to get into the network first and must know the userid to target, but > beyond that no special authority is required. Even console referral would > be disruptive to normal production. > > . > . > JO.Skip Robinson > SCE Infrastructure Technology Services > Electric Dragon Team Paddler > SHARE MVS Program Co-Manager > 626-302-7535 Office > 323-715-0595 Mobile > [email protected] > > > > From: Steve Comstock <[email protected]> > To: [email protected] > Date: 03/27/2012 10:22 AM > Subject: Re: Malicious Software Protection > Sent by: IBM Mainframe Discussion List <[email protected]> > > > > On 3/27/2012 10:46 AM, Greg Dorner wrote: >> Thank you, Elardus for your verbosity. >> >> >> - you can replace/fire those auditors as mentioned earlier in this > thread >> >> - As Ted MacNeil insists, the auditors only RECOMMENDS, it is your >> management > who can APPLY those recommendations. >> >> Unfortunately, we have no say with these auditors. They are working on >> behalf > of the Feds, and if we don't comply we can lose billions of $$ in federal > contracts. >> >> The beauty of this is, someone from my company contacted the person at > PWC > that made this claim that MCAFEE is coming out with a product, and he > backtracked, saying he may have been thinking of Mac OS. MAC OS??? >> >> They just took a big chuck of our company offline for several hours to > research this phantom. > > Wow. And did they reprimand this doofus in any way? Slap on > the wrist? Letter in his personnel file? > > More likely he got commended for being concerned about company > security, even though he had no idea what he was talking about. > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
