Thread: Re-post: Mainframe Security

  1. #1

    Re-post: Mainframe Security

    Ola:

    Wondering if anyone has worked with the Stratus VOS and knows of security analyzing tools for this OS and/or mainframes in general. My experience with this platform is zip, but we found out that a Stratus box is on-site and we were tasked to check it out.

    This is a re-post from thread:

    http://www.antionline.com/showthread...hreadid=267975

    - but it was suggested that I also post here to garner more responses.

    In advance,

    Gracias.

  2. #2
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    Have you googled lately??

    Most mainframes are now a part of larger networks...where the user is first authenticated by another OS...and then that resource becomes available to them depending on username\password.

    Also it depends on where this mainframe is....and how the network is set up.

    My experience with mainframes is from a VERY long time ago....where only machines with a second NIC could access the mainframe..........physical security

    But then again...I could usually find a password somewhere...either on a postie, or written in marker on the monitor.....

    I guess I just want to express...security is not only about OS and APP vulnerabilities...there's the user ...your weakest link.

    So a good solid security and password policy will go a long way....and multiple pass..phrases\words...one for the network, one for the mainframe etc

    I would contact the vendor, do searches on google, try and find a related discussion group...and read, read, read as much about the mainframe\app

    And maybe add some security layers routers, AD...etc

    so the resource is not available to people that don't need it...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Ola:

    Thanks for the response back.

    Did google right after I posted. Did not find much - except for some default accounts - and we checked them - and the users did the right thing - well because the machine made them - but the default passwords were changed. Also they have segregated duties from developer and admins, which last year they did not have - so a good step there.

    Also - we have been talking with the SA people and the developers about the user security bit and seeing what we can learn.

    Good idea about the physical security - we'll take a walk over to the developers area and see what we can see.

    Gracias.

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    What are you doing for them? CISP? SDM? SOx?

    Just curious. Piqued my professional interest.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Ola:

    What are you doing for them? CISP? SDM? SOx?

    Just curious. Piqued my professional interest.
    No problem. It's a, it's a.... AUDIT! Aauugh! As Homer would say "Run for the hills Ma Barker!" Well, most people tend to get a bit squeamish when we mention what we do.

    We were testing their systems then reporting back what we found.

    Gracias.
