Thanks David. I passed your comments along to Paul

Eileen Barkow
CICS Systems Programmer
NYC Information Technology & Telecommunications
2 MTC 2 FL
Brooklyn,NY,11201
718.403.8649
917.436 0508

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of David Spiegel
Sent: Tuesday, December 21, 2021 9:02 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: [EXTERNAL] Re: article about ransomeware and mainframe

Hi Eileen,
I read the article and there seems to be more than one elementary mistake:

"... IBM's modern mainframe series started with the 360 up to its current z/OS series ..."
360 is software is hardware, z/OS is software

"... Mainframes today do not actually run-on discretionary access control; rather, they run on a mezzanine level of control called role-based access control <https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3Dhttps%253A%252F%252Fresources.infosecinstitute.com%252Fcertification%252Faccess-control-models-and-methods%26sa%3DD%26sntz%3D1%26usg%3DAFQjCNE49XmkPDVpRMSyE9lkbFngLP-shA&data=04%7C01%7Cebarkow%40doitt.nyc.gov%7C941f8ee38114414c9e2008d9c48a7add%7C73d61799c28440228d4154cc4f1929ef%7C0%7C0%7C637756921327426328%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=LjEQugrEUdn4ofIX9%2FP8OEaPRvtpcTAthHygGiBwGZQ%3D&reserved=0> ..."
This statement is true ONLY IF individual USERIds are not given access to any resource. It is not default behaviour.

"... IDs run with a UNIX/Linux SUID of 0. ..."
Maybe "UID" instead?

"... PC or a Mac that can run TN3270-emulation software. ..."
Linux (not mentioned) is more likely to be used than Mac

"... All vendor-supplied and IBM software must be audited for SUID = 0 ..."
Again, UID, not SUID

"...The authorized program facility (APF) library must be monitored for all access because programs running from this library can change a normal ID to a privileged ID. ..."
This library?! APF Lists can be hundreds of Datasets.

Regards,
David

On 2021-12-21 08:36, Barkow, Eileen wrote:
> This article was written by Paul Renda, who is one of our colleagues in the
> RACF security group.
>
> https://gcc02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> realcleardefense.com%2F&data=04%7C01%7Cebarkow%40doitt.nyc.gov%7C9
> 41f8ee38114414c9e2008d9c48a7add%7C73d61799c28440228d4154cc4f1929ef%7C0
> %7C0%7C637756921327426328%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAi
> LCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Bhk%2F
> 3SUrFAIiasKShecjSxHTQmBVWdwrWUhnwulhF08%3D&reserved=0
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send
> email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN