Hi Eileen,
I read the article and there seems to be more than one elementary mistake:
"... IBM’s modern mainframe series started with the 360 up to its current z/OS series ..."
360 is software is hardware, z/OS is software

"... Mainframes today do not actually run-on discretionary access control; rather, they run on a mezzanine level of control called role-based access control <https://www.google.com/url?q=https%3A%2F%2Fresources.infosecinstitute.com%2Fcertification%2Faccess-control-models-and-methods&sa=D&sntz=1&usg=AFQjCNE49XmkPDVpRMSyE9lkbFngLP-shA> ..."
This statement is true ONLY IF individual USERIds are not given access to any resource. It is not default behaviour.

"... IDs run with a UNIX/Linux SUID of 0. ..."
Maybe "UID" instead?

"... PC or a Mac that can run TN3270-emulation software. ..."
Linux (not mentioned) is more likely to be used than Mac

"... All vendor-supplied and IBM software must be audited for SUID = 0 ..."
Again, UID, not SUID

"... The authorized program facility (APF) library must be monitored for all access because programs running from this library can change a normal ID to a privileged ID. ..."
This library?! APF Lists can be hundreds of Datasets.

Regards,
David

On 2021-12-21 08:36, Barkow, Eileen wrote:
This article was written by Paul Renda, who is one of our colleagues in the 
RACF security group.



https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.realcleardefense.com%2F&amp;data=04%7C01%7C%7C15f6f8f3f91e44b6de7c08d9c486fdd8%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C637756906385316362%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=cdbtVU%2Fv4DviMt%2BrMnkhNDpHcFC2wJWdQVq63tuml8I%3D&amp;reserved=0



----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN