Re: DB2 queries without using MF.



On Jan 28, 2008, at 9:58 AM, Rob Wunderlich wrote:

On Sat, 26 Jan 2008 12:12:51 -0600, Ed Gould
<edgould1948@xxxxxxxxxxx> wrote:

That Windows data cannot be adequately secured is a canard. I'm not
disputing that RACF (and mainframe architecture) has some unique strengths,
but organizations do securely maintain and operate data on Windows and *nix
servers.

Hmmmm... well now we know how secure the links are just wonder how the 37 *MILLION* credit card numbers that got stolen... let me see
do I hear Windows and Unix were involved.... Hmmm..

It's *ACCESSING* MF data for all they know you could be updating it or
reading information that you (the user) are *NOT* supposed to
access ... oh let's say SSN#, payroll information, account balances or
accounts rec/pay the list goes on and on and on. There is *NO* record
of the user accessing the data and no check to be able to see if the
user is even allowed.

Windows security allows for fine grained permissions and full auditing.

Administered by who? Some person that says just a moment and reboots the system and not provide specifics as to why it crashed.. or just unplug a server and the entire network goes down and you at best get an "oops"

Just because it comes from an "IP" address
doesn't mean squat and besides PCs are kept in open areas where
anyone can just walk up to it.

Don't confuse the desktop PC with the server. The desktop is a terminal, just
like your 3270 session. The data and the access control is kept on a server. I
would assume all organizations keep servers physically secured, as they do
the mainframe.

Can I count the number of IP SPOOFERS out there .. 5 no 10 no 20 ... now who are you going to call Billy G?


If there is no sign on then there is
no validation of what the user can do.
I'm sure all enterprise installations use signon.

MF security (I won't use the four letters you don't want to talk
about ) is a *KNOWN* quantity and auditors trust it, this PC you are
talking about has essentially zero security (not quite but close to).
If you can get the OK from an auditor I sure wouldn't want to have my
business (or personnel) records anywhere near the company.

Our Windows based server security is validated (and approved) by the
auditors using the same criteria as mainframe data -- demonstration of who
has access, audit trails, control of software and procedures etc.

Sorry to disappoint you this may be the case in a few shops but in all. I don't think so. I have experienced an auditor trying to do his job and he is thwarted at every turn. The prima donnas of the PC world would be thrown out on their ears if there ever was a complete audit of a server and on top of that they would point the finger at the auditor telling them they don't know anything let alone what their server is doing.

The PC "gurus" have no idea what to do if you hand them a system dump and are asked what went wrong. The most they *MIGHT* do is to install the last OS. They do not really have a clue what goes on inside one of their precious servers. Given an MF sysprogrammer they can (usually) tell you exactly what went wrong and why. Please note that some dumps are extremely complicated and it might take a week or so but usually a specific fix that is not on is the cure of the outage or some fix would have stopped the problem from reoccurring. Can your Windows (or UNIX) people do that? The standard answer is to reboot.

The list goes on and on. I am too tired to continue. Anyone ?

Ed


-Rob Wunderlich


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html