Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VAJ question.

From: "Webmaster" <webmaster () rbfcu org>
Date: Mon, 8 Jan 2001 11:38:32 -0600
Maddy,
This is getting to be a little like deja-vue? No?

Before answering this, see my postings to your other thread about the role
of a security administrator.  Having read my response there:

I don't have IBM blue running in my veins, but I've been messing with IBM
AS/400's heavy on the security for over 4 years.

My thoughts:


I wonder if anyone here has any experience with VAJ (IBM) ?


Not with VAJ, but other IBM products are similar in their thinking, or not
thinking...


From audit point of view, this role belongs to the system administrator
because of the highly operational tasks in managing the repo.

From the system admin perspective, the role goes to the security admin
due to tracking and accounting requirements ([1] there is only 1 repo
admin ID, [2] this ID cannot be shared and tracked since detailed
tracking is not practical due to system performance reasons and [3] this
ID holds too much power for an system admin to be responsible)

From the security point of view, this repo admin role has mixed system
and security administering responsibilities. That being the case,
perhaps the rules of accountability should be flexible and hence the ID
be shared.


Don't agree, put it *only* in the hands of the security guy.


I simply do not understand why IBM has such a product design and I had
the impression that IBM is a security-aware company. Any IBMers here ?
Pls ease my frustration and disappointment.


Now I get to rant a little.  Don't assume that because they are a *big*
company, that they have a clue about security.  When I started dealing with
IBM four years ago in the http/firewall arena, they're cluelessness was
laughable.  Also keep in mind that IBM has started contracting pieces of
software to other companies.  I think that's why we're seeing a lot of
inconsistency in the way each program may deal with security.

Bottom line, good luck and don't believe everything IBM tells you...

Later,
Michael Sorbera



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: