I've been at multiple shops that had magic SVCs. At one shop that had two, I was allowed to remove one but not another. In one shop where I discovered an error in the authentication code, I was ordered to not mention it to the auditors. I naively expect such to die with the advent of APF, but they're still out the, due to decades of inertia.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Radoslaw Skorupka [r.skoru...@hotmail.com] Sent: Friday, October 8, 2021 7:40 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe ransomware solution First part of my answer was kind of joke. Wasn't it clear? Second part provided some means, products and opinions. Regarding magic SVCs - I have *never* found any. Yes, I met and fixed some other mistakes you mentioned. And yes, such point should be on auditor checklist. And yes, people tend to make mistakes. That's why I mentioned audit as important part of the picture. And it is good idea to have redundant protections whenever possible. That's why we have encrypted datasets. Not because RACF sucks. And at the end we may have Safeguarded Copy or Dell/EMC solution. -- Radoslaw Skorupka Lodz, Poland W dniu 08.10.2021 o 00:47, Charles Mills pisze: > I don't know, but what the professional Pen Testers tell me is that they > never fail to find things like that. > > I've never met any group that never made a mistake, never had an "oops," > never "missed something." > > Magic SVCs were widespread until recently. Has every single one vanished? > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Bill Johnson > Sent: Thursday, October 7, 2021 3:21 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Mainframe ransomware solution > > You’d have to be a poorly run shop to permit any of those to occur. Maybe > that’s why mainframe hacks have actually never happened.....Biden > successfully extracted 124,000 from Afghanistan in a few weeks. Amazing. > > > Sent from Yahoo Mail for iPhone > > > On Thursday, October 7, 2021, 2:12 PM, Charles Mills <charl...@mcn.org> wrote: > > And assuming you never make a mistake. Never leave an APF data set > unprotected. Never give the wrong person console authority. Fully understand > APF on UNIX. Never have a Rexx PDS used by privileged users that is > modifiable by others. Have no magic SVCs. Have no flawed APF code, no APF > "tools" available inappropriately. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Radoslaw Skorupka > Sent: Wednesday, October 6, 2021 2:13 PM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Mainframe ransomware solution > > W dniu 05.10.2021 o 15:24, Tommy Tsui pisze: >>> Hi >> Any shop implement mainframe ransomware solution can share? IBM seems has >> cyber vault to handle this. Is there any other solution available ? >> Thanks for sharing > <shameless mode> > Yes, we have such solution. > This is combination of the following products: > 1. z/OS > 2. RACF > 3. Professional staff > </shameless mode> > > Other means: > RACF > backup > Safeguarded copy and other vendors' solutions > audit > procedures > > Note: all of the "solutions" marketed nowadays give you some cure *after > breach happened*. However that means some problems. It is unlikely to > restore with RPO=0. If you want RPO=0 then you should pay much more > attention at prevention, which means ...no, NOT ANOTHER PRODUCT. > Definitely first: professional staff, procedures, audit. And then maybe > some tools. > IBM Cyber Resiliency tools: Guardium, zSecure Suite, QRadar SIEM, > Safeguarded Copy... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
