W dniu 23.01.2025 o 21:52, Paul Gilmartin pisze:
On Thu, 23 Jan 2025 21:08:48 +0100, Radoslaw Skorupka wrote:
If the concern is malware infiltration, curl, HTTPS, and IND$FILE
from a desktop waystation are all suspect.
Not mentioning the reasons or rationales, the FTP traffic in/out company
is forbidden.
Is there a whitelist allowing either mainframe or desktop access to
cbttape.org?
Is there a pathway by which (suitably privileged) individuals can
install cbttape content, possibly program objects, on the mainframe?
Is curl available on the mainframe? Otherwise this discussion is
academic. Unless the cbttape repository can be mirrored on a
desktop.
My observations, based on several shops experience:
1. Cybersecurity dept usually do not touch mainframe. Because they don't
know it and don't understand. Not to mention many of them create "Franz
Kafka - The Trial" world - you are accused, but you don't know of what.
There are bans and prohibitions, but there is no explanation or rationale.
2. Assuming the above you can install anything you uploaded from your
workstation. And the workstation (and user) usually is allowed to
download from cbttape, etc. The reason is obvious: it is https, not ftp.
Note, you can install *anything*. Including APF libraries, SVC, exits,
etc. Of course you have to be a sysprog or other person authorized to
change APF, etc. Formal acceptation process does not exist, however
informal discussions between colleagues usually take a place.
3. Of course the are notable exceptions, where no freeware or RYO tool
can be installed, except simple scripts which do not require any special
authorizations.
4. Sometimes anything from outside is forbidden by default. However,
theoretically you could type your own script. So, printing some useful
script at home and typing/copying it by hand would be acceptable.
5. Fun fact: I tried to download some of Mark Zelden's utilities. It
turned out the webpage is prohibited with category "porn" and my attempt
was recorded, etc. :-)
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
