Let's all take pity on FTP. Over the years I have been pelted with questions and criticisms for FTP.
There is the crowd that seems to be unable to understand the simple process. Transfer a file from A to B. To this day, I cannot figure these people out. There was a time when I wished I could be paid by the question of "how does this work" These same people will blindly accept that Windows is reading an writing files from around the planet on a daily basis (email anyone, your favorite cloud or shared drive) The Fear Uncertanty and Doubt (FUD) from auditors and network people is astounding. Some think that connecting via FTP give the user "superpowers" to bypass security, read and write whatever they want and crash your system. This myth got started from some distant point in the past and will not die. Others are strong followers of the School of "If you CAN encrypt, you MUST encrypt" and FTP is not encrypted by default. Those of us in the know are aware that FTP goes through the same authentication as the classic LOGIN function. RACF can fully secure who and what you touch. And show me one system crashed by FTP. Encryption can be added to the process. But, criticizing that thing you don't understand (FTP or even z/OS) is easier than actually analyzing the prolem you just dreamed up. The only 'exploits' I have heard of are related to the ability to submit jobs to JES and network sniffers that capture the authentication detail for the user. The JES case is a moot point since you must authenticate to submit this evil job you have plotted. RACF can be used to control everything, including the ability to submit at all. A properly configured system can deny all of these apocyphal falls from the book of FUD. Security begins at home. If you are not locking your door, then you are open to attack. In pactice this is not done because it 'rocks the boat' and introducing a more secured FTP will upset that program written in 1976. Each site must decide just how important overall security is to them. [minor apologies for the pre-Friday rant] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
