Let me tell you why it is not such a hypothetical problem...

As we all know, Microsoft now allows under Windows for Linux, Windows
access to Linux datastores. So, imagine I have a mainframe data store
mounted as a Linux FS on a Windows box running Windows for Linux. Now, the
Windows box gets ransom'd ... what happens to the Linux FS mounted on the
Windows box?

In case you don't know about it:
https://docs.microsoft.com/en-us/windows/wsl/install-win10

Joe

On Mon, Sep 7, 2020 at 8:47 AM kekronbekron <
000002dee3fcae33-dmarc-requ...@listserv.ua.edu> wrote:

> "I see no relationship to the ransomware problem,..."
>
> The whole topic is a hypothetical discussion.. don't know what to say for
> the relation not being understandable.
> Just a thought for damage control..
>
> Obviously, obvious security measures have still let this hypothetical
> problem through (either bypassed or less-than-optimal security measures)..
> so fiddling with user accesses at this point is irrelevant.
>
> Whole world knows how to prevent.. but actually doing it is a whole
> another matter of tools, processes, capabilities, and such.
>
> - KB
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, September 7, 2020 7:08 PM, R.S. <r.skoru...@bremultibank.com.pl>
> wrote:
>
> > On 07.09.2020 at 14:57, kekronbekron wrote:
> >
> > > Makes me wonder.. some network products have a 'total lockdown' mode
> > > that stops anything network. Like pulling the plug.
> > > IBM can have a similar thing for z/OS TCPIP/SNA networks but I reckon
> > > it's more effective if a similar lockdown (ugh) feature exists for RACF
> > > instead.
> > > Of course, this will mean a whole lot of things will now start failing
> > > (perhaps this feature can also write such lockdown-initiated violations
> > > into a special report), but it may be worth shuttering things down before
> > > things can get worse.
> > > Alternatively, storage boxes need to get intelligent with their
> > > metadata.
> > >
> > > -   KB
> >
> > I see no relationship to the ransomware problem, however in z/OS you can
> > "totally lockdown" any network interface you want. Including offline the
> > device and chpid. And this is IMHO good for Hollywood movies, not as
> > real protection - this "plug out feature" would work ...when? After the
> > hacker started encryption, or just two minutes before? Who/what
> > recognize suspected activity? What if the activity was phony, just to
> > run "plug out feature"?
> >
> > My advice:
> >
> > 1.  Only authorized users should have connectivity to the mainframe
> >     ...and any other resource. No more "any to any" company networks.
> >     Note: "authorized" in this point has nothing to do with a mainframe. Just
> >     Johny the Sysprog can connect to the host, but Jim the secretary
> >     cannot.
> >
> > 2.  Only authorized users can logon. User, password, maybe MFA. Obvious.
> > 3.  Users are authorized to the resources they need, nothing more. Of
> >     course we do not talk about READ to SYS1.HELP, but it is good idea to
> >     not allow APF update to any TSO user. This is typical RACF
> >     responsibility. Loooong story.
> >
> >     --
> >     Radoslaw Skorupka
> >     Lodz, Poland
> >
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN