-
May 3rd, 2005, 08:52 PM
#1
Member
Re-post: Mainframe Security
Ola:
Wondering if anyone has worked with the Stratus VOS and knows of security analyzing tools for this OS and/or mainframes in general. My experience with this platform is zip, but we found out that a Stratus box is on-site and we were tasked to check it out.
This is a re-post from thread:
http://www.antionline.com/showthread...hreadid=267975
- but it was suggested that I also post here to garner more responses.
In advance,
Gracias.
-
May 3rd, 2005, 09:48 PM
#2
Have you googled lately??
Most mainframes are now a part of larger networks...where the user is first authenticated by another OS...and then that resource becomes available to them depending on username\password.
Also it depends on where this mainframe is....and how the network is set up.
My experience with mainframes is from a VERY long time ago....where only machines with a second NIC could access the mainframe..........physical security
But then again...I could usually find a password somewhere...either on a postie, or written in marker on the monitor.....
I guess I just want to express...security is not only about OS and APP vulnerabilities...there's the user ...your weakest link.
So a good solid security and password policy will go a long way....and multiple pass..phrases\words...one for the network, one for the mainframe etc
I would contact the vendor, do searches on google, try and find a related discussion group...and read, read, read as much about the mainframe\app
And maybe add some security layers routers, AD...etc
so the resource is not available to people that don't need it...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
May 5th, 2005, 08:42 PM
#3
Member
Ola:
Thanks for the response back.
Did google right after I posted. Did not find much - except for some default accounts - and we checked them - and the users did the right thing - well because the machine made them - but the default passwords were changed. Also they have segregated duties from developer and admins, which last year they did not have - so a good step there.
Also - we have been talking with the SA people and the developers about the user security bit and seeing what we can learn.
Good idea about the physical security - we'll take a walk over to the developers area and see what we can see.
Gracias.
-
May 5th, 2005, 11:51 PM
#4
What are you doing for them? CISP? SDM? SOx?
Just curious. Piqued my professional interest.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
May 6th, 2005, 09:29 PM
#5
Member
Ola:
> What are you doing for them? CISP? SDM? SOx?
> Just curious. Piqued my professional interest.
No problem. It's a, it's a.... AUDIT! Aauugh! As Homer would say "Run for the hills Ma Barker!" Well, most people tend to get a bit squeamish when we mention what we do.
We were testing their systems then reporting back what we found.
Gracias.