JES provides the system programmer with several opportunities to subvert the system, including:
JES uses one‑ to eight‑character names to identify and control its local and remote readers. CA Top Secret can use the names to allow for restricted use of sensitive or remote readers and to provide SOURCE control for selected ACIDs. If these names are changed, security for them is defeated. Ensure the integrity of these names both internally in the machine, and externally in the terminal definition files.
JES does not encrypt or eliminate job passwords in the JCT section of the SYS1.HASPCKPT data set unless the early verify feature is used. Although TSO commands (such as QUEUE and SDSF) allow viewing of spooled input and output, they do not allow viewing of JCT entries. The system programmer can modify these programs to access and display JCT information. To limit exposure, restrict the use or modification of these commands, or include security modifications in them.
Copyright © 2010 CA Technologies.
All rights reserved.