05F0 0A0C
--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of Clark Morris <cfmt...@uniserve.com>
Sent: Monday, May 27, 2019 2:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Fwd: Just how secure are mainframes? | Trevor Eddolls

[Default] On 27 May 2019 09:05:47 -0700, in bit.listserv.ibm-main 00000047540adefe-dmarc-requ...@listserv.ua.edu (Bill Johnson) wrote:

>Mainframes are by design far more secure. For good reason. The exposure is
>catastrophic potentially. It’s one of the main reasons why banks rely and stay
>on it and spend tens of millions for it. I’ve already provided numerous links
>referencing it. Add in my criminal justice knowledge along with my computer
>science degree and 40 years of experience in IT and security. But don’t let me
>dispel your beliefs.
>

Hopefully the mainframe is more secure than in the era when at least one university had a CRASH command that would take down the system because so many students were finding ways to crash the system. There are ways to secure all files and other resources but are they used and access kept current? The problem is keeping the system secure while allowing people to do useful work. The IBM mainframe has the base facilities but are they used and considered usable? Can someone access the system after leaving the organization? Are test files well secured? Are those who have access to the system well vetted? Are the applications designed in a secure manner? Is all data entering a given computer system checked on that system even if that data is coming from a PC or other entry device using screens supplied by the mainframe system? On things like web servers which are cross platform, Apache for example, is there a process in place to keep up to date with the fixes which are also cross platform? What is the policy for applying integrity APARs?
If the IBM tools provided are awkward to use, is the organization willing to spend the money for 3rd party tools to ease the burden and simplify the implementation of the organization's policies? The question is more not how secure a system can be made but rather how secure the organization is willing to make it. Is the security implemented in a way that doesn't cause people to try finding ways of gaming it in order to do their jobs?

Clark Morris

>
>Sent from Yahoo Mail for iPhone
>
>
>On Monday, May 27, 2019, 11:45 AM, Chad Rikansrud
><mainfr...@bigendiansmalls.com> wrote:
>
>At the risk of re-kicking the already dead horse: Bill, you're comparing
>apples and spiders.
>
>Are there fewer mainframe 'hacks'? Yep. There are also exponentially fewer
>mainframes than Windows / Android / Mac / IOS / Linux. Like - a few thousand
>mainframes compared to 2.5 BILLION users of Windows/Linux/Mac/Android & IOS
>combined. That is somewhere between 250,000 - 500,000x more installs of those
>OS's. And they are freely available for literally anyone to poke at.
>
>What you're arguing "Because Windows gets hacked daily, and mainframes are
>never in the news as having been hacked - means that mainframes are more secure
>.. more 'hack-proof'" Is like saying that:
>
>-- Homes in Toronto are more hurricane-proof because fewer of them are
>destroyed than in Key West.
>OR
>-- Babies are better drivers than their parents, because their parents get in
>accidents every day.
>OR
>-- People in Greenland are less susceptible to cancer because fewer people die
>of it than do in the US.
>
>For years people thought Macs were less susceptible to viruses than their
>Windows counterparts... because? They never read about Mac hacks. The
>reality? There were way fewer Macs. Now? Still much less marketshare than
>Windows, but lots of Mac hacks/malware out there because they have more than
>doubled their market share in 6-8 years.
>
>Mainframe hardware / software is built by humans for humans (BHFH?)
>and will thus always have vulnerabilities and misconfigurations because we all
>make mistakes. Mainframe is decidedly just as hackable - by any definition of
>that word.
>
>Cheers,
>
>Chad
>
>----------------------------------------------------------------------
>For IBM-MAIN subscribe / signoff / archive access instructions,
>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN