On Thu, Jun 11, 2015 at 3:41 PM, Walt Farrell <[email protected]> wrote:
> On Thu, 11 Jun 2015 16:16:49 -0400, Ed Finnell <[email protected]> wrote: > > >Several of the 3270 emulators had a user option for transfer mechanism > >IND$FILE or FTP. Some had better implementations that others. > > And the OP should be aware that it is theoretically possible for a TSO > user to write his own program (or acquire one elsewhere) that will do data > transfers via the 3270 data stream, or even to make a copy of IND$FILE and > change its name to something else if that name is being specifically > monitored. > > Also, monitoring IND$FILE won't stop other mechanisms such as those based > on screen printing, or TCP/IP communication protocols. > > People asking for such monitoring often, in my experience, do not realize > the other possibilities for data communication. Really, what they should do > is completely prevent the user from reading the sensitive data. If you let > a user READ the data and give him access to a TSO or a UNIX session, then > you should assume that he will be able to transport it elsewhere without > your knowledge. If you don't want him to be able to do that, you shouldn't > let him read the data. Monitoring certain easy to use transport mechanisms > is OK, but it will not catch all the other mechanisms you haven't thought > about. > > -- > Walt > > As you, and others have said, to be able to READ is to be able to copy (aka "steal") the data. In my case, the IND$FILE front end was done for two reason. The first was for performance (compare the start vs. end times) and some auditing (how much is it used?). The second, the non-swappable, was due to CPU overload at the time causing "timeouts" on the PC end. IND$FILE was being used to transfer data even before we had a TCPIP stack on z/OS. Back them, the 3270 emulation was being done on a Cisco CIP which looked like a 3174 to z/OS. -- Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. My sister opened a computer store in Hawaii. She sells C shells down by the seashore. If someone tell you that nothing is impossible: Ask him to dribble a football. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
