Discussion:
Security PTFS
גדי בן אבי
2018-01-03 12:17:35 UTC
Hi,

Does IBM publish a list of PTFs that are related to security, especially preventing unauthorized access from outside the mainframe?

Gadi

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
John Eells
2018-01-03 12:26:59 UTC
Post by גדי בן אבי
> Hi,
> Does IBM publish a list of PTFs that are related to security, especially preventing unauthorized access from outside the mainframe?
No. My understanding is that our clients have asked us (emphatically)
not to do that. Please go here, and follow the link to register for the
portal:

https://www.ibm.com/it-infrastructure/z/capabilities/system-integrity

Once you are registered, this will allow you to get the lists, CVSS
scores, and HOLDDATA you can use to identify missing security fixes.
--
John Eells
IBM Poughkeepsie
***@us.ibm.com

Mark Jacobs - Listserv
2018-01-03 12:27:58 UTC
The Security and Integrity Portal on ResourceLink should have what
you're looking for.
--
Mark Jacobs
Time Customer Service
Global Technology Services

The standard you walk past is the standard you accept.
Lt. Gen. David Morrison


Jousma, David
2018-01-03 12:51:19 UTC
Yes, and works relatively well. The problem is our audit/risk people here want to try to tie commonly known vulnerabilities in the wild identified on Windows/Unix platforms to specific actions/fixes in the mainframe space. I have not figured out a way to do that. So, while we are in a maintenance cycle, I regularly download/receive the z/OS Security/Integrity ASSIGNS, and then apply those PTFs flagged with SOURCEID SECINT. I show them proof that we've done this, and so far they have been good with that.

_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
***@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717
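
An added example (not part of the post above, and not IBM's tooling) of producing the kind of evidence described there: it parses SMP/E `++ASSIGN` statements, picks out the PTFs tagged SOURCEID SECINT, and compares them with a list of applied SYSMODs. The sample statements, the PTF numbers and the applied list are constructed, and how the applied list is exported from SMP/E is an assumption left outside the script.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample of ++ASSIGN statements; every PTF number is made up.
SAMPLE_ASSIGNS = "\n".join([
    "/* constructed sample, not real portal data */",
    "++ASSIGN SOURCEID(SECINT) TO(UA00001,UA00002,",
    "                             UA00003).",
    "++ASSIGN SOURCEID(RSU1712) TO(UA00002,UA00009).",
    "++ASSIGN SOURCEID(SECINT) TO(UI00004) .",
    # Card image with a sequence number in columns 73-80.
    "++ASSIGN SOURCEID(SECINT) TO(UA00005).".ljust(72) + "00000600",
])

# Constructed list of SYSMODs already applied to the target zone
# (assumption: exported from SMP/E by some other step).
APPLIED = {"UA00001", "UA00003", "UA00005", "UA00009"}

_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_ASSIGN = re.compile(
    r"\+\+ASSIGN\s+SOURCEID\(\s*([^\s()]+)\s*\)\s+TO\(([^)]*)\)\s*\.",
    re.I,
)
_SYSMOD = re.compile(r"[A-Z0-9@#$]{7}")  # SYSMOD IDs are 7 characters


def parse_assigns(text):
    """Return {sourceid: set of SYSMOD IDs} from ++ASSIGN statements."""
    # SMP/E reads columns 1-72 only, so drop anything in 73-80.
    body = "\n".join(line[:72] for line in text.splitlines())
    body = _COMMENT.sub(" ", body)
    result = {}
    for match in _ASSIGN.finditer(body):
        source = match.group(1).upper()
        # The TO list may be split across lines and use commas or blanks.
        for sysmod in re.split(r"[,\s]+", match.group(2).strip()):
            if not sysmod:
                continue
            sysmod = sysmod.upper()
            if not _SYSMOD.fullmatch(sysmod):
                raise ValueError(f"malformed SYSMOD ID {sysmod!r}")
            result.setdefault(source, set()).add(sysmod)
    return result


def audit(assign_text, applied, source_pattern="SECINT"):
    """Return sorted (sysmod, status) rows for one SOURCEID.

    source_pattern may end in '*' to match a family of source IDs.
    A PTF reported MISSING may have been superseded by a later PTF
    that is applied; SMP/E tracks that, this comparison does not.
    """
    wanted = set()
    for source, sysmods in parse_assigns(assign_text).items():
        if fnmatchcase(source, source_pattern):
            wanted |= sysmods
    applied = {s.upper() for s in applied}
    return [
        (s, "APPLIED" if s in applied else "MISSING")
        for s in sorted(wanted)
    ]


def missing(assign_text, applied, source_pattern="SECINT"):
    """Return only the SYSMOD IDs that still need attention."""
    rows = audit(assign_text, applied, source_pattern)
    return [s for s, status in rows if status == "MISSING"]


if __name__ == "__main__":
    for sysmod, status in audit(SAMPLE_ASSIGNS, APPLIED):
        print(f"{sysmod}  {status}")
    print("missing:", ", ".join(missing(SAMPLE_ASSIGNS, APPLIED)) or "none")
```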

Sankaranarayanan, Vignesh
2018-01-03 13:41:08 UTC
You can also consider 'open' components such as Java, IBM HTTP Server for Apache, and OpenSSL etc. (part of Ported Tools).

– Vignesh
Mainframe Infrastructure

Sankaranarayanan, Vignesh
2018-01-03 14:16:05 UTC
Hi,

Sorry, please ignore my earlier comment.
Just realising that PTFs for those components also will be covered under the SECINT portal's publications.

– Vignesh
Mainframe Infrastructure

Seymour J Metz
2018-01-03 18:03:50 UTC
I don't see how IBM could provide those data without compromising shops that have not yet installed the PTF. Certainly when I submit whatever the current name for an ETR is, I ask IBM to withhold any compromising details on, e.g., the START command.


--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3

Elardus Engelbrecht
2018-01-03 13:45:15 UTC
> Does IBM publish a list of PTFs that are related to security,
Sort of, but you got good replies, especially from J Eells who kindly posted a URL for you.

You can also subscribe to "Red Alerts" and you will get emails in case there is a "Red Alert".

If I remember correctly, even things like "heart bleed" for OpenSSL (Ported Tools) and so on were covered in those "Red Alerts".

Of course, IBM will not tell you exactly what type of errors/problems are fixed or how it was discovered in the first place. They usually just say this: "Here is a fix, apply it."
> especially preventing unauthorized access from outside the mainframe.
What access do you want to prevent? There are several layers of protection available starting at firewalls in your enterprise, then firewalls and correct TCP/IP settings (SSL, lockup of ports, etc.) on your mainframe. RACF and application security are other layers.

Groete / Greetings
Elardus Engelbrecht

Jousma, David
2018-01-03 14:02:36 UTC
You are right, IBM doesn’t tell us, nor do I really need them to. My only wish was that if a PTF is flagged for SECINT, and I click on the associated APAR link, that I'd get some kind of APAR information, not just "document cannot be found".

_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
***@53.com
1830 East Paris, Grand Rapids, MI  49546 MD RSCB2H
p 616.653.8429
f 616.653.2717


ITschak Mugzach
2018-01-03 14:15:14 UTC
Red alert?
Jesse 1 Robinson
2018-01-04 02:03:58 UTC
In describing this process to 'outsiders', I use the analogy of a broken door lock. Locksmith cannot come right away. So you put up a sign saying that the door cannot be locked, but it's only temporary. You apologize for any inconvenience.

Not.

.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
626-543-6132 Office ⇐=== NEW
***@sce.com
