Firewall Wizards mailing list archives
Re: VAJ question.
From: "Webmaster" <webmaster () rbfcu org>
Date: Mon, 8 Jan 2001 11:38:32 -0600
Maddy, This is getting to be a little like deja-vue? No? Before answering this, see my postings to your other thread about the role of a security administrator. Having read my response there: I don't have IBM blue running in my veins, but I've been messing with IBM AS/400's heavy on the security for over 4 years. My thoughts:
I wonder if anyone here has any experience with VAJ (IBM) ?
Not with VAJ, but other IBM products are similar in their thinking, or not thinking...
From audit point of view, this role belongs to the system administrator because of the highly operational tasks in managing the repo. From the system admin perspective, the role goes to the security admin due to tracking and accounting requirements ([1] there is only 1 repo admin ID, [2] this ID cannot be shared and tracked since detailed tracking is not practical due to system performance reasons and [3] this ID holds too much power for an system admin to be responsible) From the security point of view, this repo admin role has mixed system and security administering responsibilities. That being the case, perhaps the rules of accountability should be flexible and hence the ID be shared.
Don't agree, put it *only* in the hands of the security guy.
I simply do not understand why IBM has such a product design and I had the impression that IBM is a security-aware company. Any IBMers here ? Pls ease my frustration and disappointment.
Now I get to rant a little. Don't assume that because they are a *big* company, that they have a clue about security. When I started dealing with IBM four years ago in the http/firewall arena, they're cluelessness was laughable. Also keep in mind that IBM has started contracting pieces of software to other companies. I think that's why we're seeing a lot of inconsistency in the way each program may deal with security. Bottom line, good luck and don't believe everything IBM tells you... Later, Michael Sorbera _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- VAJ question. Maddy (Jan 08)
- Re: VAJ question. Webmaster (Jan 08)