>What ever your security server may be (RACF, CA-ACF2, CA-TSS) audit the
>successful use of the program IND$FILE so that all executions are logged.
This still does not address the issue.
Logging the use of IND$FILE (obsolete) does not manage all methods of moving
files from the mainframe to PC's
What ever your security server may be (RACF, CA-ACF2, CA-TSS) audit the
successful use of the program IND$FILE so that all executions are logged.
For RACF, it will appear in the SMF80 records.
Failing that, write a front end to IND$FILE that cuts a user SMF record or
something that can happen asyn
The SMF 30 contains no TSO COMMAND usage information
by command name, but any DDNAMEs allocated during the
TSO session are recorded in the SMF 30s, so you can
often/sometimes recognize what TSO command was used
from recognizable unique DDNAMEs in the SMF 30,
but without 100% accuracy.
And you coul
Was doing an interview audit one time. Subject was control of system
libraries and protecting them. Then I shocked the auditor by asking this
question.
"Why are you so intent on protecting the system from me, whose livelihood
is dependent on keeping it healthy? What about that hourly operator o
Thanks all your information and sharing. Actually, there are so many ways to
transfer files from HOST system but we still have to cope with
the internal/external auditor each year. We can't say "nothing we can do".
Nothing is prefect, but taking notes/remember the coding and picture some
photo we c
On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
<[EMAIL PROTECTED]> wrote:
>After awhile I start to spot a trend from some people posting here that they
>are not trying to learn how to do something, they have figured out how to get
>IBM-MAIN to do their job for them.
>...
Let me present anot
---
Are you referring to me?
If so it doesn't take much. I feel like a hero every time I come home
and my cats recognize me. If I can get an assembler program to make it
to the linkedit step, I feel like a demigod.
--
EMAIL PROTECTED] On
Behalf Of Kenneth E Tomiak
Sent: 20. huhtikuuta 2008 18:29
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: how to audit the usage of IND$FILE
If they ask for a program to use the SMF data and someone directs them
to a working assembler sample on cbttape.org but it isn't the exact
report
In a message dated 4/20/2008 12:05:33 P.M. Central Daylight Time,
[EMAIL PROTECTED] writes:
(and not a CLIST that CALLs a program); therefore you
can create an SMF type 32 record for each use of the
command.
>>
But aren't they already cut in type 30? I think I stumbled on this while
look
I believe IND$FILE is implemented as a Command Processor
(and not a CLIST that CALLs a program); therefore you
can create an SMF type 32 record for each use of the
command.
The SMF Manual discusses enablement in Chapter 4.
Barry
Barry Merrill
Herbert W. Barry Merrill, PhD
President-Programme
aby sitters for those who won't exhaust their own
channels before dealing
with this group.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Kenneth E Tomiak
Sent: Sunday, April 20, 2008 10:29 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject:
This post: Use of SPFEDIT in my own program Bob Rutledge
<[EMAIL PROTECTED]> is a fine example of how to educate the OP
instead of doing their work for them.
On Sun, 20 Apr 2008 10:29:28 -0500, Kenneth E Tomiak
<[EMAIL PROTECTED]> wrote:
>After awhile I start to spot a trend from some peop
After awhile I start to spot a trend from some people posting here that they
are not trying to learn how to do something, they have figured out how to get
IBM-MAIN to do their job for them.
So if someone asks how to audit a program 'A' and then later asks how to
audit program 'B', did they lear
On 17 Apr 2008 14:56:45 -0700, in bit.listserv.ibm-main you wrote:
>Or modularize the design so that no one part is known by everyone. I
>think that's why Windows works so well.
So how is Windows different from zOS in that regard? ANY complex
operating system component becomes unknowable i
> Tom Schmidt
> (BTW, I know of a company nearby that has a policy prohibiting cellphones
> with cameras but they have no prohibition regarding cameras without
> cellphones. You may bring in a digital camera - as long as it isn't part of
a cell phone!)
My comapny won't allow cameras without a cam
On Fri, 18 Apr 2008 12:44:24 -0500, John McKown wrote:
>Don't let the outsiders connect directly to the company LAN. Instead,
>force them to use something like Microsoft Terminal Services to logon to
>a multiuser Windows server. Once there, allow them to use a 3270
>emulator. That way, the emulat
Hum, I just had another idea about this sort of thing to bounce around.
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way,
On Fri, 18 Apr 2008 00:47:29 -0500, Kenneth E Tomiak ranted:
>Tommy Tsui has had posts before, IIRC, that indicate a complete lack of
>knowledge about how an operating system works. I believe he has been
asking
>how to audit just about everything. Ignorant of what SMF can record, how to
>process
Oh, another possibility is to use RACF and PADS, but I don't know if
that will work to allow ISPF EDIT but disallow basically everything
else, such as IND$FILE.
--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Informati
Don Leahy wrote:
[...]
How about stealing an idea from the movie "Paycheck". We could wipe
the memory of the programmer as soon as the engagement is over. :-)
This thread has started to get sillybut it is Friday.
Not necessarily.
There is big difference between memorizing few lines
On Fri, Apr 18, 2008 at 1:47 AM, Kenneth E Tomiak
<[EMAIL PROTECTED]> wrote:
> Do you strip search them as they leave the building to ensure paper is not in
> their posession? Ignoring the possibility of print-screen like functions, I
> can
> take a pen and a piece of paper and copy a file byte
Hum, I just had another idea about this sort of thing to bounce around.
Don't let the outsiders connect directly to the company LAN. Instead,
force them to use something like Microsoft Terminal Services to logon to
a multiuser Windows server. Once there, allow them to use a 3270
emulator. That way,
]> wrote:
>> It is better to protect the data, rather than the method of copying.
>
>That doesn't help if you want the programmer to work on a program
>but you don't want him to take it with him.
>
>
>> Date: Thu, 17 Apr 2008 20:41:35 +0000
>> Fr
On Thu, Apr 17, 2008 at 11:00 PM, Edward Jaffe
<[EMAIL PROTECTED]> wrote:
> Don Leahy wrote:
>
> > Even a green screen is no guarantee if the programmer smuggles a
> > camera into the office and takes pictures as he scrolls. Tedious
> > perhaps, but it would work.
> >
> >
>
> Camera? I have a VBS
Don Leahy wrote:
Even a green screen is no guarantee if the programmer smuggles a
camera into the office and takes pictures as he scrolls. Tedious
perhaps, but it would work.
Camera? I have a VBS macro for IBM's PCOMM that scrolls forward and
appends each screen's worth of data to a text f
>If you have a cell phone camera, it is not that big of an issue - no one
>really thinks there is a camera in the building when it is in a cell phone.
It depends where you work.
Th company I recently got downsized from actually had a policy against cell
cameras.
-
Too busy driving to stop for g
If you have a cell phone camera, it is not that big of an issue - no one
really thinks there is a camera in the building when it is in a cell phone.
Lizette
> >That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
>
> If he can read it, he
On Thu, Apr 17, 2008 at 5:30 PM, Ted MacNEIL <[EMAIL PROTECTED]> wrote:
> >That doesn't help if you want the programmer to work on a program but you
> >don't want him to take it with him.
>
> If he can read it, he can copy it.
> And, how protecting IND$FILE will not be enough.
> There are many
Ted, I agree with you. I was just giving my interpretation of what
I thought the OP's requirement was.
> Date: Thu, 17 Apr 2008 21:30:43 +
> From: [EMAIL PROTECTED]
> Subject: Re: how to audit the usage of IND$FILE
> To: IBM-MAIN@BAMA.UA.EDU
>
> >That do
> Or modularize the design so that no one part is known by everyone. I
> think that's why Windows works so well.
>
LOL! :-)
George Fogg
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL
Or modularize the design so that no one part is known by everyone. I
think that's why Windows works so well.
Ted MacNEIL wrote:
Either you trust your programmer's ethics or you shouldn't provide access to the
treasured source. >There is no in between.
Exactly! Everytime you work w
>Either you trust your programmer's ethics or you shouldn't provide access to
>the treasured source. >There is no in between.
Exactly! Everytime you work with an 'outsider' (contractor, outsourcer,
consultant, etc.), you have a risk evaluation to do.
You either trust them, or you don't.
If you
On Thu, 17 Apr 2008 21:30:43 +, Ted MacNEIL wrote:
>>That doesn't help if you want the programmer to work on a program but you
don't want him to take it with him.
>
>If he can read it, he can copy it.
>And, how protecting IND$FILE will not be enough.
>There are many methods, but the crudest
Is JK Rowling the auditor?
Tommy Tsui wrote:
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
snip>>>
--
For IBM-MAIN subscribe / signoff / archive
>That doesn't help if you want the programmer to work on a program but you
>don't want him to take it with him.
If he can read it, he can copy it.
And, how protecting IND$FILE will not be enough.
There are many methods, but the crudest one cannot be protected except by
giving the programmer an
> It is better to protect the data, rather than the method of copying.
That doesn't help if you want the programmer to work on a program
but you don't want him to take it with him.
> Date: Thu, 17 Apr 2008 20:41:35 +
> From: [EMAIL PROTECTED]
> Subject: Re: how
>But the exposure exists because you gave the user READ access to the data.
This has been discussed before on the RACF-L forum.
It is better to protect the data, rather than the method of copying.
-
Too busy driving to stop for gas!
---
>because our audit want to check the unauthorized user (outsource programmer)
>download the source program from our shop.
What about ftp? Copy & Paste?
-
Too busy driving to stop for gas!
--
For IBM-MAIN subscribe / signoff / a
On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui wrote:
>because our audit want to check the unauthorized user (outsource
>programmer) download the source program from our shop.
>
First, have you protected it with RACF?
-- gil
--
On Thu, 17 Apr 2008 22:07:11 +0800, Tommy Tsui <[EMAIL PROTECTED]> wrote:
>because our audit want to check the unauthorized user (outsource
>programmer) download the source program from our shop.
>
>On 4/17/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote:
>>
>> On Thu, 17 Apr 2008 15:00:29 +0800 Tom
On Thu, Apr 17, 2008 at 10:19 AM, Binyamin Dissen
<[EMAIL PROTECTED]> wrote:
> On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui <[EMAIL PROTECTED]> wrote:
>
> :>because our audit want to check the unauthorized user (outsource
>
> :>programmer) download the source program from our shop.
>
> How will
> -Original Message-
> From: IBM Mainframe Discussion List
> [mailto:[EMAIL PROTECTED] On Behalf Of Ted MacNEIL
> Sent: Thursday, April 17, 2008 1:54 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: how to audit the usage of IND$FILE
>
>
> >Is there any way th
>Is there any way that can keep track the usage of IND$FILE, if the user rename
>the IND$FILE to ther own location and call it with TN3270, how can we
check this case.
Why do you want to audit it?
There are many ways to transfer files around besides that method.
-
Too busy driving to stop for ga
As someone else already pointed out, although cumbersome, you can
always cut&paste what you see on your 3270 screen.
Don't grant people access to data they don't need.
Don't grant people access to the system if you don't trust them.
Of what value is an audit record that says the data has been r
Tommy,
Why don't you put AUDIT on the source file and see who touches it for READ?
IIRC, IND$FILE might be possible to track if you had a product like MXG or
SOFTAUDT or MICS and the access was to the mainframe. Is there a specific way
they are invoking IND$FILE? From a PC or from the mainfr
> -Original Message-
> From: IBM Mainframe Discussion List
> [mailto:[EMAIL PROTECTED] On Behalf Of Tommy Tsui
> Sent: Thursday, April 17, 2008 9:07 AM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: how to audit the usage of IND$FILE
>
>
> because our audit wan
On Thu, 17 Apr 2008 22:07:11 +0800 Tommy Tsui <[EMAIL PROTECTED]> wrote:
:>because our audit want to check the unauthorized user (outsource
:>programmer) download the source program from our shop.
How will this prevent screen scraping?
There are other ways to download & upload.
:>On 4/17/08, Bi
because our audit want to check the unauthorized user (outsource
programmer) download the source program from our shop.
On 4/17/08, Binyamin Dissen <[EMAIL PROTECTED]> wrote:
>
> On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui <[EMAIL PROTECTED]> wrote:
>
> :>Is there any way that can keep track the
On Thu, 17 Apr 2008 15:00:29 +0800 Tommy Tsui <[EMAIL PROTECTED]> wrote:
:>Is there any way that can keep track the usage of IND$FILE, if the user
:>rename the IND$FILE to ther own location and call it with TN3270, how can we
:>check this case.
WHy do you want to do this? What is your business ca
Hi all,
Is there any way that can keep track the usage of IND$FILE, if the user
rename the IND$FILE to ther own location and call it with TN3270, how can we
check this case.
regards
--
For IBM-MAIN subscribe / signoff / archive
50 matches
Mail list logo