If a company can't afford to do computing correctly, and that includes doing it securely, they shouldn't have computers in house in the first place. Particularly medical related companies such as hospitals. That's a HIPPA violation waiting to happen. Which in the US, carries potentially severe consequences.
Date: Fri, 21 Jun 2019 13:33:39 +0300 From: ITschak Mugzach <imugz...@gmail.com> Subject: Re: mainframe hacking "success stories"? Radoslav, Many clients I visited allows local admin authority on windows workstation to the machine user for ease of management. However, we get clients monthly reports on success and failures from some clients of us. Most of them respond well to attacks and block them, so even their workstations are protected. I believe it is a question of budget. Banks can afford protection that hospitals can't (and bankers can afford better medical treatment than others...). If you look at the names of clients that were hit by such attach, it is almost always a client that can't afford a complete security systems. On the mainframe, only few datasets are owned by en users, most of them are not significant to the user (ISPF temporary datasets, some "on work" job or source code libraries that most of them are on the change management store, etc.). How many DB2 data tables can be updated by human clients directly? Near if not zero. So,from the attacker point of view, no much to encrypt,unless he get a service account. This is more complex to perform. and as I always say, security cost you a lot, but if it works, managers doesn't see the value of it. ITschak ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
