True. For users which have RACF SPECIAL, a WTOR is written to the z/OS console. Of course, in our shop, nobody monitors the z/OS consoles. And the shop is totally "dark" on the weekends.
Naturally, I have a very weird way to do something about this. Which I will not document or tell to anyone. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM > -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Skip Robinson > Sent: Tuesday, March 27, 2012 12:38 PM > To: [email protected] > Subject: Re: Malicious Software Protection > > We're all pretty sanguine about our mainframe invulnerability. But we > should not overlook how one of our most valuable protections > can be turned > against us. We all have some limit set for logon attempts. If > an invalid > password is entered too many times, the userid gets > suspended--or referred > to the OS console for verification. A malicious rascal (any > other kind?) > can disable a really important userid in this way. Of course > the person > has to get into the network first and must know the userid to > target, but > beyond that no special authority is required. Even console > referral would > be disruptive to normal production. > > . > . > JO.Skip Robinson ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
