• Subject: RE: Fw: Rewarding challenge AS/400...
  • From: mcrump@xxxxxxxxxxxxxx
  • Date: Tue, 21 Sep 1999 11:12:51 -0500



David makes some great points.....

We have a security policy that states that we will disable a profile that has
not been used within 30 days and will delete it after an additional 60
days.....we follow it religously.  We have deleted the VP of IT......

It still helps to be notified of employee changes and terminations but as a
fallback regular checking and a policy can be beneficial.

The security tools can give you reports to manage this or even do it
automatically.  As far as shared ID's I'm not sure there is much one can do
about it.....




"Kahn, David [JNJFR]" <DKahn1@JNJFR.JNJ.com> on 09/21/99 03:20:58 AM

Please respond to MIDRANGE-L@midrange.com

To:   "'MIDRANGE-L@midrange.com'" <MIDRANGE-L@midrange.com>
cc:    (bcc: Mike Crump/IS/Ball-Foster)

Subject:  RE: Fw: Rewarding challenge AS/400...



Jim,

I think the only thing you can do is to audit your user profiles on an
on-going basis. Set yourself a timescale to get through them all, then
parcel them up into so many per week or per month. When you get to the end
start again at the beginning and repeat indefinitely. It's a PITA for you
and irritating for your users but in the light of...

>I then took a list of our users to our head accounting person/person
>in charge and asked them who still worked here.  She didn't know.

... I don't see any realistic alternative. You might be able to verify
against active security badges or something like that, but that's just
another system with its own set of holes.

John Earl's recent posting "AS/400 on alt.hacker" graphically illustrates
the weakness inherent in assuming active account = good account. It might
also be a good idea to check for multiple concurrent sessions by user
profile. This can also give you an indication that profiles are being
shared.

Dave Kahn
Johnson & Johnson International (Ethicon) France
Phone : +33 1 55 00 3180
Email :  dkahn1@jnjfr.jnj.com (work)
        dkahn@cix.co.uk      (home)







+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.