Hosting Provided By

Re: z/OS, OS/390 Pen testing tips/ideas/papers?

From: <Torbjorn.Wictorin(at)its.uu.se>
Date: Thu Jan 30 2003 - 15:06:16 EST

OS/390 (MVS (MVT)) etc is rather safe compared to some other systems. That given that the configuration of the security system is well implemented. You can give access to specific datasets for a specific user running a specific program etc. Also, you can log about _everything_ that happens.

However, there are some shortcuts which you perhaps could discuss with some experienced system(s) programmer at the site in question, like 'backdoors' installed in order to make things easy to use etc.

Origin of 390 is from the time when many read the assembler listings carefully before installing any priviledged program and therefore has a rather in-depth knowledge of what happens in the OS.

Probably the system programmer(s) are the largest risk factor.

Torbjörn Wictorin, Uppsala university.

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Thu Jan 30 15:23:12 2003

This message: [ Message body ]
Next message: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Previous message: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Steven Lane: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT