Re: z/OS, OS/390 Pen testing tips/ideas/papers?

From: Torbjorn.Wictorin@its.uu.se
Date: 01/30/03

Next message: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"

Previous message: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Jan 2003 21:06:16 +0100 (CET)
From: Torbjorn.Wictorin@its.uu.se
To: Nick Jacobsen <nick@ethicsdesign.com>

OS/390 (MVS (MVT)) etc is rather safe compared to some other systems.
That given that the configuration of the security system is well
implemented. You can give access to specific datasets for a specific user
running a specific program etc. Also, you can log about _everything_ that
happens.

However, there are some shortcuts which you perhaps could discuss with
some experienced system(s) programmer at the site in question, like
'backdoors' installed in order to make things easy to use etc.

Origin of 390 is from the time when many read the assembler listings
carefully before installing any priviledged program and therefore has
a rather in-depth knowledge of what happens in the OS.

Probably the system programmer(s) are the largest risk factor.

Torbjörn Wictorin, Uppsala university.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Previous message: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

IT Security Administrator in Bend, OR
... workstations as well as physical security for I/T systems. ... manages network security software and hardware. ... Extensive experience with Windows 2000/2003 servers and Exchange ... Two years experience configuring, installing and implementing VMWare ...
(comp.arch)
Re: Security Update for MS XML Core Services 4.0 Service Pack 2(KB
... Security Update installed on my PC on 4/17 (it was the day after I saw the ... But, after the Re-boot, Windows Update showed KB941833 as an Available ... You asked me to Post the name of the Security Software; ... keep installing and Updated to Vista Home Prem SP1 ...
(microsoft.public.windowsupdate)
RE: SQL
... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
RE: Insurance
... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)
Re: Yet more Windows XP security patches
... Alias wrote: ... >> otherhand it may keep your computer up and running by not installing ... >>> A security issue has been identified in the Plug and Play service ... >>> your computer by installing this update from Microsoft. ...
(microsoft.public.windowsxp.general)