RE: how we will program in the future

[rob@xxxxxxxxx]

Walden,

I wholeheartedly concur.  Most of the security issues are simply setup 
issues, like not allowing open SMTP relays, securing QSECOFR, proper use 
of firewalls, exit points, etc.

Rob Berendt
-- 
"They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety." 
Benjamin Franklin 




"Walden H. Leverich III" <WaldenL@xxxxxxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
11/10/2003 11:19 AM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: how we will program in the future






>From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx] 
>Now it's your turn: provide us a tangible example of a comparable 
>security breach in which OS/400 can be taken over.

>You won't be able to. 

I submit to the argument that: most machines are "hacked" and "taken over"
not because the hacker knew the correct string of 7613 bytes to send to a
port to get Windows to run injected code, but rather because the
administrator didn't properly secure the machine in the first place. 

I'm not saying that there are more security holes in Windows, I'm not 
saying
there aren't. What I'm saying is that we're arguing about whether the lock
on the back door can be picked too easily while we don't have a front 
door.

I've seen iSeries (and Windows) system (including some belonging to people
on this list) that have gaping security holes, not because of a bug in the
code, but because of a poor setup.

Look at the majority of Windows security bugs, with few (very few)
exceptions, a Windows web server sitting behind a properly secured 
firewall
on a well configured network would be immune to attack.

-Walden

------------
Walden H Leverich III
President
Tech Software
(516) 627-3800 x11
(208) 692-3308 eFax
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 
-----Original Message-----
From: Joe Pluta [mailto:joepluta@xxxxxxxxxxxxxxxxx] 
Sent: Monday, November 10, 2003 10:58 AM
To: 'Midrange Systems Technical Discussion'
Subject: RE: how we will program in the future

> From: rob@xxxxxxxxx
> 
> Granted, you may be right, but, how do you know that none of the
> "integrity problem" ptf's didn't address the possibility that OS/400
could
> have been taken control of via the Internet?

And there might also be one that safeguarded against mind control.
There may also be code written into Windows that scans your retina and
taps your phone.  This sort of argument is pretty difficult to use for
anything except conspiracy theories.

Personally, I like facts better than supposition.  I provided an example
of the type of security breach Windows has.  Now it's your turn: provide
us a tangible example of a comparable security breach in which OS/400
can be taken over.

You won't be able to.

Joe

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.