Folks, Why does everybody insist on overlooking the obvious ??.
The hell with how quickly you apply fixes. MVS (or OS/390 or z/OS or whatever you want to call it) has NEVER been hacked or destroyed by an ex employee !!. In fact, let me re-state that .. the mainframes HAVE NEVER been hacked or destroyed by an ex employee !!. Firstly, in the mainframe world, even employees that were fired .. as mad as they could be, are too professional to try petty tactics ... for two .. one of the first things and I think this has inherently happened for decades, that happens is that the ex-employees' network and mainframe id's are either suspended or revoked. Either way, they lose immediate access to the company network and the mainframe. In fact, if the 'ex' was a vendor or ISV, aside from having their id's and network access revoked, if logged on, they are forced off the system/network. For at least the past three decades, I've constantly heard about virus', and ex-employee tactics or whatever have you and the only environment that has EVER been affected is the PC environment and more specifically, the WinBlows environment. That said, I do fully admit that the PC's are good for what they were engineered to be .. a PERSONAL computer, NOT a BUSINESS computer !!. Kind Regards Jim Thomas 617-233-4130 (mobile) 636-294-1014 (res) j...@thethomasresidence.us (Email) -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Clark Morris Sent: Thursday, August 18, 2011 9:12 PM To: IBM-MAIN@bama.ua.edu Subject: Re: Security is fun in the PC world.... On 18 Aug 2011 14:00:39 -0700, in bit.listserv.ibm-main you wrote: >--------------------------------------<snip>------------------------------- ----- >This person had a user-id and password with privileges. Think of the >harm someone with a system programmers id and privileges can do. For >those of you who have been at a number of shops, how many were really >careful about ids and their revocation. Most of the ones I was at were >and I am not certain about the others. The problem was the security >culture and I guarantee you that not all mainframe shops are really good >about it. >------------------------------------<unsnip>------------------------------- ---- >In my last shop, the head of security administration (one of my many >hats) had to be informed BEFORE the person being terminated. Id he/she >was logged on, I was to revoke the userid and if logged on, cancel the >session. The person being terminated was escorted off the premises and >could make arrangements to clean out personnal property at a later date. > >-------------------------------------<snip>-------------------------------- ------- >I also would almost guarantee you there are a number of Unix and Windows >shops that take it very seriously. >--------------------------------------<unsnip>----------------------------- ----- >Then why in God's name are they running Windoze and/or UNIX?? > >----------------------------------<snip>----------------------------------- ------- >How quickly do mainframe shops apply the PTF's for integrity APARs? How >quickly do the other environments apply the comparable fixes? >-----------------------------------<unsnip>-------------------------------- -------- >For our MVS-OS/390-z/OS environment(s), we always let PTF's age for 30 >days, partly to let someone else debug them and partly to evaluate their >impact in our shop. Then we decided whether to apply or not. For the >Windoze and UNIX weenies, I can't say. Which means you leave the security hole fixed by the integrity APAR open for 30 days. In at least some Windows and Unix shops, the comparable fixes get a higher priority. > >Rick > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ----- No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1392 / Virus Database: 1520/3843 - Release Date: 08/18/11 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
