CA Top Secret controls prevent many forms of subversion, including preventing penetration by password and ACID‑guessing programs on personal computers.
Users can be fooled into disclosing their passwords. One ploy uses a program that simulates a VTAM/TCAM solicitation screen that accepts ACID and passwords, stores them in a data set, then informs the user that the system is down. This is accomplished without the program having to become privileged and by using standard TSO.
This exposure is more evident in environments where terminals are shared among several users. The most effective means of minimizing this type of subversion is to restrict users to specific terminals using SOURCE restrictions.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|