Long ago I was asked for advice on proving that it was unsafe running
multiple levels of classified material on VM, in a data center where the
manager had -- of course -- insisted that it was.
Whether or not that was true (and whether or not it could be proven), I
suggested first experimenting with issues such as Tim mentions. Such as
starting at the system S and Y disks (where IBM and installation system
software, utilities, and tools lived), examining Execs for Link
commands, and following them where they led. A few days later, the
tester placed a printout of the -- unencrypted, with passwords -- system
directory on the manager's desk.
I don't know what followed but wonder if they were still allowed to run
any classified work.
Timothy Sipples <sipp...@sg.ibm.com> said:
That said, I'm quite concerned (paranoid, even) because these wonderful
security features so frequently either aren't implemented at all or are
implemented badly, inconsistently. Also, unfortunately, there are far too
many organizations running unsupported technologies with known security
vulnerabilities, and there are even more that do not have reasonable,
timely preventive maintenance programs that they execute consistently and
well.
--
Gabriel Goldberg, Computers and Publishing, Inc. g...@gabegold.com
3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433
LinkedIn: http://www.linkedin.com/in/gabegold Twitter: GabeG0
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
