Farewell Walt.  Thanks for the memories.  

Was this your "Last Post"?  (In the British military sense; i.e. "Taps" to most 
on this list.)  

===
> Date: Wed, 28 Mar 2012 07:28:58 -0500
> From: [email protected]
> Subject: Re: Malicious Software Protection
> To: [email protected]
> 
> On Tue, 27 Mar 2012 11:09:23 -0700, Skip Robinson <[email protected]> 
> wrote:
> 
> >The reason I brought up this 'vulnerability' is that we hired a consultant
> >a while back to look for weaknesses. Of course they were able to logon
> >with a vanilla userid that had no special authority. And this is what they
> >did.
> >
> >We all spend a lot of time and mental energy focused on how to protect
> >ourselves from sophisticated attack. We look at APF. We look at SVC
> >screening. We look at access to sensitive libraries. But this particular
> >'denial of service' can be accomplished by anyone with a valid userid and
> >password. And *only* because we lock up users for invalid password
> >attempts. I'm just sayin'...
> 
> It's just another form of disaster you have to plan for, Skip.
> 
> It's easy, for example, to set up an STC that runs with an ID that has 
> SPECIAL, or that is the OWNER of some IDs that have SPECIAL, and have that 
> STC run IKJEFT01 and issue ALTUSER ... RESUME for one or more other IDs that 
> have SPECIAL.
> 
> If they all get locked out, you just run the STC and that set of IDs is 
> RESUMED. 
> 
> The STC itself will be able to run, even if its ID has been revoked, and so 
> it provides protection against the issue you're suggesting.
> 
> But yes, you need to be prepared for this, just as for anything that can 
> compromise your system.
> 
> (Other alternatives exist, by the way, including emergency copies of the RACF 
> database that you can make available in such an emergency situation, but the 
> STC approach is the simplest, in my opinion. Nonetheless, I would also 
> recommend having an emergency RACF DB available, too, but that also goes 
> along with having emergency system residence volumes available.)
> 
> -- 
> Walt Farrell
> IBM STSM, z/OS Security Design (for another half-hour or so)
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
                                          