Hal, Me too
Sent from my iPad Scott Ford Senior Systems Engineer www.identityforge.com On Mar 27, 2012, at 4:30 PM, Hal Merritt <hmerr...@jackhenry.com> wrote: > Actually, Greg's point number 2 is spot on. > > Upon close inspection, they actually be asking for some change control / > management approval to protect sensitive load and source libraries. > > Over the years, I've found it helpful to not jump to conclusions when > presented with such. Rather, press for details, and keep pressing until you > get something understandable. Often as not, it turns out to be something > completely different. > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf > Of Elardus Engelbrecht > Sent: Tuesday, March 27, 2012 11:30 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Malicious Software Protection > > Greg Dorner wrote: > >> Our auditors are insisting that we install a product that protects against >> malicious software (viruses, worms, trojans, etc.). > > Groan...., you can replace/fire those auditors as mentioned earlier in this > thread, but ... ;-D > > You have several choices. > > 1. Ask them to give reasons, examples and recommended vendors of such > software. > > 2. Ask them to define malicious software, despite your description above. > Seriously. > > 3. For native z/OS, they will have a hard way to get any vendors at all which > can supply such software. Tell me if you can catch these vendors. > > 4. Despite point 3, there are 'scanners' which can search z/OS on various > areas to look for 'holes'. They cost $$$ and is vendor specific. > > 5. Get 'penetration teams' or 'white hat hackers'. You have lots of $$$, do > you? :-) > > 6. z/OS has very good security measures provided you have your controls in > place. APF, parmlib settings, RACF, SMF, etc. are examples. See other's > replies on this fact. > > 7. Speaking of RACF, there are third party RACF [or other ESM] administration > and audit tools which could ease your work. > > 8. Weakest links are usually 'insiders'. They are the greatest threats unless > I'm mistaken. They are usually after your 'live and sensitive production' > data. > > 9. For z/Linux, USS, etc, there MAY be commercial or open-source antivirus > software available, AFAIK. > (USS - Unix System Service(s) - for those TLA haters... :-D ) > > 10. Give them IBM's Statement of Integrity. APAR reasons for security are > hidden and you are usually asked to apply them because of some > 'vulnurability' which IBM usually declines to divulge. > > 11. Ask those auditors if they have any tools to do the checks for such tools > against malicous software THEMSELVES! This will silence them properly! > >> z/OS, with proper security controls (and believe me - we have LOTS!) should >> not have to worry about such things, at least that's what I've always heard. > > Of course, but see above. > >> Any input on this topic would be GREATLY appreciated!! > > As Ted MacNeil insists, the auditors only RECOMMENDS, it is your management > who can APPLY those recommendations. > > HTH! > > Groete / Greetings > Elardus Engelbrecht > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > lists...@bama.ua.edu with the message: INFO IBM-MAIN > NOTICE: This electronic mail message and any files transmitted with it are > intended > exclusively for the individual or entity to which it is addressed. The > message, > together with any attachment, may contain confidential and/or privileged > information. > Any unauthorized review, use, printing, saving, copying, disclosure or > distribution > is strictly prohibited. If you have received this message in error, please > immediately advise the sender by reply email and delete all copies. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN