[Info-vax] Problem with Filezilla connecting to OpenVMS

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Mon Dec 10 00:26:05 EST 2018


On 2018-12-10 04:07:32 +0000, Kerry Main said:

> The OpenVMS Customers you are talking about are, in most cases, very 
> seasoned and experienced professionals. They take their roles seriously.

Based on the direct feedback I've received from a number of attendees 
at the various OpenVMS security sessions I've presented in recent 
years—and while the attendees most definitely take their roles 
seriously—there's not much in the way of security-related information 
around OpenVMS, and around the sorts of shenanigans that are arising in 
networks.  And the feedback received after presenting to these rooms 
full of those seasoned and experienced OpenVMS professionals?  More 
than a few of the attendees later commented that they'd had their eyes 
opened at what's going on.  And the OpenVMS doc here is severely 
lacking, at best.

And if anyone here is hypothetically dealing with a staff that is very 
familiar with OpenVMS security and with general system and app and 
network security issues, it is still foolhardy not to confirm each and 
every security issue found.  The technical staff might or might not 
realize the specific risk or specific exposure even exists.  For 
whoever might find the issue, they don't want to end up owning the 
fallout from a previously-unrecognized exposure, either.  Log the 
concern or the vulnerability in the issue tracker, or in the 
communications, or whatever the appropriate channel might be.  Then the 
seasoned and experienced OpenVMS professionals—or the folks that have 
taken over management and operations of the servers when the original 
OpenVMS staff all retired, as also happens—can make the appropriate 
local decisions and trade-offs.

And this all also presumes that the management folks involved are 
playing on the level.  Most do, of course.  But some management folks 
can seek to shift blame away from themselves and their decisions and 
their organizations.  Or to recoup losses.  Which means paper trails.

I'd like to continue as we had been able to operate in the previous 
millennium in terms of server and network and data security, but that's 
increasingly not an option.  VSI has substantial work ahead here too, 
with security-related work within OpenVMS, and with reworked or wholly 
new documentation and training, seeking to better secure and better 
educate app developers, users, and administrators.



-- 
Pure Personal Opinion | HoffmanLabs LLC 



