Top 12 Mainframe Security Exposures and Lessons From A Real Mainframe Break-In
|
|
|
- Shannon Hutchinson
- 6 years ago
- Views:
Transcription
1 Top 12 Mainframe Security Exposures and Lessons From A Real Mainframe Break-In Stu Henderson 5702 Newington Road Bethesda, MD (301) STU@STUHENDERSON.COM
2 What You ll Hear One Person s Experiences You May Not Agree with It All Just Keep What s Useful for You Real Mainframe Break-In Lessons Starting with Stu s Top Twelve Stuart Henderson (c)
3 1. MVS Integrity Exposures Programs Added to MVS With Privileges and Unsafe What Safe Means Stuart Henderson (c)
4 1. MVS Integrity Exposures Privileges Like Supervisor State Let a Program Bypass All Security Not Covered By IBM s Integrity Statement for MVS Stuart Henderson (c)
5 1. MVS Integrity Exposures Common Backdoors: User SVCs, APF-Authorized Programs Most Common Example: Authorization SVCs Stuart Henderson (c)
6 1. MVS Integrity Exposures ~ Simple Solutions ~ Formal Change Control Logging and Review of Updates Tools Like New Era s The Control Editor Stuart Henderson (c)
7 1. MVS Integrity Exposures ~ Simple Solutions ~ Stay Current on z/os Releases and Service (See the IBM Security Portal at rity.html Click on Support & download and Also Browse the Whole Site) Stuart Henderson (c)
8 2. Excessive Defaults and Privileges RACF: GLOBAL Rules, OPERATIONS, TRUSTED etc. ACF2: NON-CNCL, SECURITY, etc. TopSecret: ALL Record, NODSNCHK, etc. Stuart Henderson (c)
9 2. Excessive Defaults and Privileges Started Tasks with Privileges You Don t Need No Stinkin OPERATIONS Stuart Henderson (c)
10 2. Excessive Defaults and Privileges ~ Simple Solutions ~ An Owner for Each Privilege and Resource Class Annual Re-Certification; Do the Work to Avoid Needing the Privileges Firecall IDs Stuart Henderson (c)
11 3. JES Security JESSPOOL, SDSF, OPERCMDS Resource Classes WRITER, NODES, PROPCNTL Resource Classes Spool and Checkpoint Datasets Update Access to Proclibs (JCL for Started Tasks with Privileges) Stuart Henderson (c)
12 3. JES Security ~ Simple Solutions ~ Use RACF, ACF2, or TopSecret to Protect The Above Stuart Henderson (c)
13 4. Tape Security 17 Character DSNAME Problem Two Datasets on a Cartridge BLP (Bypass Label Processing) Stuart Henderson (c)
14 4. Tape Security ~ Simple Solutions ~ DEVSUPxx Member of Parmlib Tape Management Software SAF (RACF, ACF2, or TopSecret) Stuart Henderson (c)
15 5. Residual Data (Still There After Dataset Erased) Tape and Disk PCI (Payment Card Industry) Audits Stuart Henderson (c)
16 5. Residual Data ~ Simple Solutions ~ The Simple Tape Solution The Disk Solution (EOS, AUTOERASE) (Who Decides, Who Knows, Who Is Responsible?) Stuart Henderson (c)
17 6. DB2 Internal Security Doesn t Permit Wildcards Originally Didn t Group Users So If 500 Users and Ten Tables, 5000 Commands to Grant Permission Stuart Henderson (c)
18 6. DB2 Internal Security ~ Simple Solutions ~ RACF, ACF2, TopSecret DSNR Resource Class Stuart Henderson (c)
19 7. Access Production Data For Testing? For 3 AM Emergencies How Often? Stuart Henderson (c)
20 7. Access Production Data ~ Simple Solutions ~ Firecall Userids Stuart Henderson (c)
21 8. Windows Sniffer Programs Logon to the Mainframe Through a Windows LAN Sniffer Program on Any PC Can View All LAN Traffic on the Subnet Including Mainframe Userids and Passwords Stuart Henderson (c)
22 8. Windows Sniffer Programs ~ Simple Solutions ~ Kerberos on the Windows Server Stuart Henderson (c)
23 9. VTAM Security Enterprise Extender and APPN Spoofing an Applid Little Understood, So Left Alone Stuart Henderson (c)
24 9. VTAM Security ~ Simple Solutions ~ VTAMAPPL, APPCLU Resource Classes VTAM Configuration Options Net-Q Software Stuart Henderson (c)
25 10. Batch Job with Another s Userid Batch Jobs Inherit Submittor s ID Or Some Other ID, But What About the Password? Job Scheduling Software What If All Production Jobs Have Same Userid? Stuart Henderson (c)
26 10. Batch Job with Another s Userid ~ Simple Solutions ~ ACF2: JOBFROM Privilege versus RESTRICTED TopSecret: NOSUBCHK versus XA ACID= All Three: SURROGAT and PROPCNTL Stuart Henderson (c)
27 11. Hardware Configuration Shared DASD (Disk) LPARs and SYSPLEXes Multiple Security Software Databases HCD (Hardware Configuration Definition) and IODF (Input Output Configuration File) Stuart Henderson (c)
28 11. Hardware Configuration ~ Simple Solutions ~ Formal Change Control Learn to Read IODF, HCD SAF Tools Like New Era s StepOne Stuart Henderson (c)
29 12. Mainframe TCP/IP Connections Internet, FTP, TN3270, httpd, Other Daemons CICS, MQ Series Stuart Henderson (c)
30 12. Mainframe TCP/IP Connections DB2, TCPALVER, SQL Injection, Distributed Connections Lack of Knowledge Weak Communication Between Mainframe and TCP/IP Experts Stuart Henderson (c)
31 12. Mainframe TCP/IP Connections ~ Simple Solutions ~ Basic Steps: Block All the Ports Basic Steps: Ensure All Sensitive Data Encrypted, Including Passwords PAGENT (Policy Agent) Firewall Like Functions Change Control Over Configuration Files, Programs, JCL Stuart Henderson (c)
32 SOME COMMON THEMES All of these weaknesses can be traced to organizational issues: Who decides? Who approves? Who has the knowledge? Who is responsible? How do we measure? Stuart Henderson (c)
33 Example A Real MAINFRAME BREAK-IN This was a deliberate, successful, criminal attack On a European service bureau s mainframes Over the Internet. Stuart Henderson (c)
34 Example A Real MAINFRAME BREAK-IN Not stealing a tape or tricking out passwords. RACF, but applies to ACF2 or TopSecret. Discovered from high CPU usage. Shades of The Cuckoo s Egg by Cliff Stoll Stuart Henderson (c)
35 Example A Real MAINFRAME BREAK-IN First used FTP to download the RACF database and crack all the userids and passwords. People seem to think that because passwords are encrypted, they can t be read. Stuart Henderson (c)
36 Example A Real MAINFRAME BREAK-IN But brute force cracker programs will do the job. In a couple of days they cracked the passwords for 30,000 userids. Stuart Henderson (c)
37 Example A Real MAINFRAME BREAK-IN Is this where we process State Police records? YES Hackers broke into front-end distributed computers to get to the mainframes Stuart Henderson (c)
38 Example A Real MAINFRAME BREAK-IN Hackers installed outbound programs which called out over the Internet, making it easier for the hackers to bypass firewalls and other protections. All of the holes the hackers used resulted from mis-configuration, not weaknesses in mainframe security or RACF. Stuart Henderson (c)
39 A Real Mainframe Break-In SOME COMMON THEMES All of these weaknesses can be traced to organizational issues: Who decides? Who approves? Who has the knowledge? Who is responsible? How do we measure? Stuart Henderson (c)
40 A Real Mainframe Break-In LESSONS LEARNED Mainframes are targets now. Internet connections make them more vulnerable Most securable platform, but Organizational issues Stuart Henderson (c)
41 Top 12 Mainframe Security Exposures and Lessons From A Real Mainframe Break-In For more information: IBM Security Portal at ml NewEra Software: The Henderson Group: Net Q: Stuart Henderson (c)
Tutorial: Lessons From A Real Mainframe Break-In Over the Internet
Tutorial: Lessons From A Real Mainframe Break-In Over the Internet Stu Henderson 5702 Newington Road Bethesda, MD 20816 (301) 229-7187 STU@STUHENDERSON.COM What You ll Hear Today Brief comments on why
What's Missing in Mainframe InfoSec: (What We Don't Know We Don't Know)"
What's Missing in Mainframe InfoSec: (What We Don't Know We Don't Know)" Stu Henderson stu@stuhenderson.com 5702 Newington Road www.stuhenderson.com Bethesda, MD 20816 (301) 229-7187 ABSTRACT 2 In this
MANEWS Issue Number 21 the Mainframe Audit News
This newsletter tells you stuff you need to know to audit IBM mainframe computers runinng with z/os and the MVS operating system. This issue we show you how to plan the data gathering for your audit. Table
Eleven Steps to Make Mainframe Security Audits More Effective and Efficient
Eleven Steps to Make Mainframe Security Audits More Effective and Efficient These are some things I ve learned about auditing IBM mainframe computers by trying a lot of approaches, some of which worked
How to Go About Setting Mainframe Security Options
How to Go About Setting Mainframe Security Options Stu Henderson stu@stuhenderson.com 5702 Newington Road Bethesda, MD 20816 www.stuhenderson.com (301) 229-7187 ABSTRACT 2 If you don't think that checklists
Review of RACF SETROPTS
Review of RACF SETROPTS (A Brief Tutorial) the Henderson Group 5702 Newington Road Bethesda, MD 20816 (301) 229-7187 Abstract The SETROPTS command in RACF (mainframe computer security software) is where
=============================================== ===============================================
M A News Mainframe Audit News January, 2005 Issue Number 06 Table of Contents 1. Introducing the Mainframe Audit News 2. Managing Your Audit Planning Through Your View of the Mainframe 3. New Developments
New Security Options in DB2 for z/os Release 9 and 10
New Security Options in DB2 for z/os Release 9 and 10 IBM has added several security improvements for DB2 (IBM s mainframe strategic database software) in these releases. Both Data Security Officers and
What s Cool About the CONNECT Command in RACF
What s Cool About the CONNECT Command in RACF Stu Henderson stu@stuhenderson.com 5702 Newington Road www.stuhenderson.com Bethesda, MD 20816 (301) 229-7187 AGENDA 2 1. We all know the CONNECT command 2.
Is Your z/os System Secure?
Ray Overby Key Resources, Inc. Info@kr-inc.com (312) KRI-0007 A complete z/os audit will: Evaluate your z/os system Identify vulnerabilities Generate exploits if necessary Require installation remediation
Common Holes in RACF Defenses
Common Holes in RACF Defenses IBM Systems TechU RSH CONSULTING, INC. RACF SPECIALISTS 617 969 9050 WWW.RSHCONSULTING.COM RSH Consulting Robert S. Hansel RSH Consulting, Inc. is an IT security professional
How to Get Full Security from Security Software and Tape Management Software Together
How to Get Full Security from Security Software and Tape Management Software Together Monday, August 22, 2005 Session 1714 1:30 Stu Henderson (stu@stuhenderson.com) Russell Witt (russell.witt@ca.com) Abstract
Challenges and Issues for RACF Systems
Payment Card Industry (PCI) Challenges and Issues for RACF Systems Jim Yurek Vanguard Integrity Professionals February 28, 2011 Session Number 8507 The Problem: Credit Card Breaches As long as we have
IBM. PDF file of IBM Knowledge Center topics. IBM Operations Analytics for z Systems. Version 2 Release 2
IBM Operations Analytics for z Systems IBM PDF file of IBM Knowledge Center topics Version 2 Release 2 IBM Operations Analytics for z Systems IBM PDF file of IBM Knowledge Center topics Version 2 Release
MANEWS 04 ========================================== ==========================================
========================================== ========================================== M A News Mainframe Audit News February, 2003 Issue Number 04 ========================================== ==========================================
MANEWS 01 ========================================== ==========================================
========================================== ========================================== M A News Mainframe Audit News October, 2001 Issue Number 01 Table of Contents I N T H I S I S S U E 1) Introducing
EView/390z Insight for Splunk v7.1
EView/390z Insight for Splunk v7.1 EView/390z Insight Overview (IBM Mainframe environment) Technical Details By leveraging the foundation EView Intelligent Agent technology to power EView/390z Insight
What is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services
What is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services 4/28/2016 1 AGENDA 1.About Vanguard/Introductions 2.What is PCI DSS History 3.High Level Overview 4.PCI DSS 3.0/3.1/3.2
How Vanguard Solves. Your PCI DSS Challenges. Title. Sub-title. Peter Roberts Sr. Consultant 5/27/2016 1
How Vanguard Solves Title Your PCI DSS Challenges Sub-title Peter Roberts Sr. Consultant 5/27/2016 1 AGENDA 1. About Vanguard/Introductions 2. What is PCI DSS 3. PCI DSS 3.1/3.2 Important Dates 4. PCI
LOWER THE COST OF PROVIDING z/os SERVICES
TITLE INTEGRITY CONTROLS ENVIRONMENT The Four Pillars of z/os Operational Integrity MAINTAIN AND INCREASE z/os AVAILABILITY High availability is one of the cornerstones of the IBM mainframe and z operating
Developing Legacy Platform Security. Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21
Developing Legacy Platform Security Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21 About Me Philip Young Always interested in IT security Started with Audit Ernst
Performing a z/os Vulnerability Assessment. Part 2 - Data Analysis. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 2 - Data Analysis Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
Performing a z/os Vulnerability Assessment. Part 3 - Remediation. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 3 - Remediation Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
Securing Mainframe File Transfers and TN3270
Securing Mainframe File Transfers and TN3270 with SSH Tectia Server for IBM z/os White Paper October 2007 SSH Tectia provides a versatile, enterprise-class Secure Shell protocol (SSH2) implementation for
MU2b Authentication, Authorization and Accounting Questions Set 2
MU2b Authentication, Authorization and Accounting Questions Set 2 1. You enable the audit of successful and failed policy changes. Where can you view entries related to policy change attempts? Lesson 2
Uni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating. Part 4 z/os Overview
Uni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating Part 4 z/os Overview Redelf Janßen IBM Technical Sales Mainframe Systems Redelf.Janssen@de.ibm.com Course materials may not be reproduced
Building a Case for Mainframe Security
Building a Case for Mainframe Security Dr. Paul Rohmeyer, Ph.D. Stevens Institute of Technology Hoboken, New Jersey June 13-15, 2010 1 AGENDA - Problem Statement - Defining Security - Understanding Mainframe
Popping a shell on a mainframe, is that even possible?
Popping a shell on a mainframe, is that even possible? Ayoub ELAASSAL ayoub.elaassal@wavestone.com @ayoul3 WAVESTONE 1 What people think of when I talk about mainframes WAVESTONE 2 The reality: IBM zec
"Charting the Course... z/os Technical Bootcamp Course Summary
Course Summary Description This course provides an intense examination of z/os for systems programmers. Topics include an introduction to computer systems hardware and an exploration of architecture, system
Oracle Database Security Assessment Tool
Oracle Database Security Assessment Tool With data breaches growing every day along with the evolving set of data protection and privacy regulations, protecting business sensitive and regulated data is
IOF (Interactive Output Facility) TSO Installation Guide Release 8E
IOF (Interactive Output Facility) TSO Installation Guide Release 8E Copyrights and Trademarks Triangle Systems, Inc. P. O. Box 12752 Research Triangle Park, NC 27709 Telephone: (919) 544-0090 Fax: (919)
zsc40 Beyond Legacy Security Paul R. Robichaux NewEra Software, Inc. Thursday, May 9th at 9:00 10:15 am Session Number - zsc40 Location Melrose
Beyond Legacy Security zsc40 Paul R. Robichaux, Inc. Thursday, May 9th at 9:00 0:5 am Session Number - zsc40 Location Melrose TCE The Control Editor Productivity and Control! Building a Safer, more Secure
Mark Wilson Session Details: Footprinting
Everything you wanted to know about mainframe security, pen testing and vulnerability scanning.. But were too afraid to ask! Mark Wilson markw@rsmpartners.com Session Details: Footprinting Agenda Introduction
Hands-on Lab: Setting up the z/os LDAP Server with the dsconfig utility.
Hands-on Lab: Setting up the z/os LDAP Server with the dsconfig utility. Background: The z/os LDAP server was introduced several years ago. It was a standard LDAP v3 server with support for LDAP v2 if
COMP 3400 Mainframe Administration 1
COMP 3400 Mainframe Administration 1 Christian Grothoff christian@grothoff.org http://grothoff.org/christian/ 1 These slides are based in part on materials provided by IBM s Academic Initiative. 1 The
How Secure is Your Mainframe, Really?
How Secure is Your Mainframe, Really? Brian Cummings, Tata Consultancy Services Mark S Hahn, IBM Tuesday, March 13, 2012 10902 Two-Part Presentation Concerns Actions 1 The Mainframe Lives? 2 The Mainframe
IBM. RACF Security Guide. CICS Transaction Server for z/os Version 4 Release 2 SC
CICS Transaction Server for z/os Version 4 Release 2 IBM RACF Security Guide SC34-7179-01 CICS Transaction Server for z/os Version 4 Release 2 IBM RACF Security Guide SC34-7179-01 Note Before using this
Off-Line The SC Midlands Chapter of the Information Systems Audit & Control Association
Off-Line The SC Midlands Chapter of the Information Systems Audit & Control Association CHAPTER 54 AUGUST 2007 September Seminars: Computer Security: How to Audit Security on Any Type of Computer How to
The Old is New Again Engineering Security in the Age of Data Access from Anywhere
The Old is New Again Engineering Security in the Age of Data Access from Anywhere Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 10, 2014 Session 14971 AGENDA History 1 This
Under the Hood: Amy DeMartine, Principal Analyst, Forrester Ray Overby, President, Key Resources, Inc. A Mainframe Vulnerability Management Playbook
Under the Hood: A Mainframe Vulnerability Management Playbook Amy DeMartine, Principal Analyst, Forrester Ray Overby, President, Key Resources, Inc. 2018 Key Resources, Inc. Reproduction Prohibited Objective:
Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
The Control Editor (TCE)
One-on-One with The Control Editor (TCE) An Image Control Environment (ICE) Application This booklet prepared exclusively for NewEra Software Foreword I cannot tell you how many times I have had to get
RACFVARS RUGONE October 2013
Robert S. Hansel Lead RACF Consultant R.Hansel@rshconsulting.com 617 969 9050 Robert S. Hansel Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc., an IT security professional
What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards
PCI DSS What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards Definition: A multifaceted security standard that includes requirements for security management, policies, procedures,
Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle
Data Security and Privacy : Compliance to Stewardship Jignesh Patel Solution Consultant,Oracle Agenda Connected Government Security Threats and Risks Defense In Depth Approach Summary Connected Government
Can IBM Debug Tool and RDz Integrated Debugger both coexist in same CICS region?
Can IBM Debug Tool and RDz Integrated Debugger both coexist in same CICS region? With v9.1.1, the Integrated Debugger feature introduced a common adapter which made it possible for both IBM Debug Tool
The HMC Is a Fantastic Tool But Are You Making it Secure?
The HMC Is a Fantastic Tool But Are You Making it Secure? Barry Schrager Xbridge Systems, Inc. & Paul R. Robichaux NewEra Software, Inc. Monday, August 6 at 1:30 2:30 pm Session Number 11198 Platinum 8
1) How many unique operating systems are available on IBM Z hardware? Answer Choice A58_
Print Name: Print Email Address: 60 questions where each question has only 1 best choice answer from the list of 60 answers A1 to A60 1) How many unique operating systems are available on IBM Z hardware?
Chapter 2. Switch Concepts and Configuration. Part II
Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools
The Modern Mainframe. IBM Systems. Powerful, secure, dependable and easier to use. Bernice Casey System z User Experience
Powerful, secure, dependable and easier to use Bernice Casey (casey@us.ibm.com) System z User Experience Steven Ma (stevenma@us.ibm.com) Application Integration Middleware User Experience 2006 IBM Corporation
Uni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating. Part 6 z/os Concepts
Uni Hamburg Mainframe Summit 2010 z/os The Mainframe Operating Part 6 z/os Concepts Redelf Janßen IBM Technical Sales Mainframe Systems Redelf.Janssen@de.ibm.com Course materials may not be reproduced
Security Best Practices. For DNN Websites
Security Best Practices For DNN Websites Mitchel Sellers Who am I? Microsoft MVP, ASPInsider, DNN MVP Microsoft Certified Professional CEO IowaComputerGurus, Inc. Contact Information msellers@iowacomputergurus.com
MQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
RSA Ready Implementation Guide for
RSA Ready Implementation Guide for IBM Multi-Factor Authentication for z/os V1R1 John Sammon, RSA Partner Engineering Last Modified: 4/7/16 -- 1 - Solution Summary IBM Multi-Factor Authentication for z/os,
ICE 10 Patch 6. In ICE 10 Patch 6 users will now find General Enhancements and New Features in certain ICE Applications:
ICE 10 Patch 6 In ICE 10 Patch 6 users will now find General Enhancements and New Features in certain ICE Applications: The Control Editor Users of The Control Editor under TSO/ISPF will now be able to
RACF Performance Tuning SHARE August 2013
RACF Performance Tuning 13397 Robert S. Hansel Lead RACF Consultant R.Hansel@rshconsulting.com 617 969 9050 Robert S. Hansel Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc.,
z/os Operating System Vulnerabilities ( )
ARTICLE z/os Operating System Vulnerabilities (2013-2017) Cynthia Overby March 2, 2018 z/os Operating System Vulnerabilities (2013-2017) 01 Mainframe Integrity Vulnerabilities Key Resources, Inc. (KRI)
z/os 2.1 HCD HMCwide Dynamic Activate
z/os 2.1 HCD HMCwide Dynamic Activate Dale F. Riedy IBM riedy@us.ibm.com 12 August 2013 Session Number 14246 Agenda Activating a new I/O configuration today Activating a new I/O configuration with z/os
Rocket Software Strong Authentication Expert
RSA SecurID Ready Implementation Guide Last Modified: May 5, 2014 Partner Information Product Information Partner Name Web Site Product Name Version & Platform Product Description Rocket Software www.rocketsoftware.com
EMC ControlCenter PLANNING AND INSTALLATION GUIDE VOLUME 2 (MVS AGENTS) 6.0 P/N REV A02
EMC ControlCenter 6.0 PLANNING AND INSTALLATION GUIDE VOLUME 2 (MVS AGENTS) P/N 300-004-024 REV A02 EMC Corporation Corporate Headquarters: Hopkinton, MA 01748-9103 1-508-435-1000 www.emc.com Copyright
IBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide. Version9Release1
IBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide Version9Release1 ii IBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide Contents Chapter 1. IBM InfoSphere Guardium S-TAP for
Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
Post exploit goodness on a Mainframe
Post exploit goodness on a Mainframe SPECIAL is the new root Ayoub ELAASSAL @ayoul3 Github.com/ayoul3 What I picture when talking about Mainframes What people picture when I talk about Mainframes In 2017
Approaches to Enterprise-Wide Monitoring and Problem-Solving on IBM z Systems
Session 17728: Approaches to Enterprise-Wide Monitoring and Problem-Solving on IBM z Systems Ernie Gilman IBM Sr. Consulting IT Specialist egilman@us.ibm.com Abstract Examples of how best to leverage the
Migrating from CA Top Secret to RACF: A User Experience
BY CHUCK CLAY Migrating from CA Top Secret to RACF: A User Experience More and more shops are deciding, for whatever reason, to migrate from Computer Associates Top Secret to IBM s RACF. However, there
Selecting Software Packages for Secure Database Installations
Selecting Software Packages for Secure Database Installations Afonso Araújo Neto, Marco Vieira This document includes complementary information for the paper Selecting Software Packages for Secure Database
The Master Console Center (MCC) automates and enhances data center operations by:
Introduction The Master Console Center () automates and enhances data center operations by: Providing a high degree of operational consolidation, allowing multiple data centers and/or hosts to be monitored
Architecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
A Review Paper on Network Security Attacks and Defences
EUROPEAN ACADEMIC RESEARCH Vol. IV, Issue 12/ March 2017 ISSN 2286-4822 www.euacademic.org Impact Factor: 3.4546 (UIF) DRJI Value: 5.9 (B+) A Review Paper on Network Security Attacks and ALLYSA ASHLEY
IBM Process Server Components
Unit 3 - Network Deployment Process Server Configuration IBM Business Process Manager for z/os V8.5 'Advanced-Only' What you Will build DMgr B#Cell B#DMnode B#nodeA Cluster (DE) SR01 AdvOnly Server SR01A
PROFESSIONAL SERVICES (Solution Brief)
(Solution Brief) The most effective way for organizations to reduce the cost of maintaining enterprise security and improve security postures is to automate and optimize information security. Vanguard
How IBM Can Identify z/os Networking Issues without tracing
How IBM Can Identify z/os Networking Issues without tracing Wed, August 12, 1:45-2:45 Session 17536 Speakers: Ernie Gilman, IBM (egilman@us.ibm.com) Dean Butler, IBM (butlerde@us.ibm.com) Abstract Running
Import and Export libpcap, Sniffer and OSAENTA Traces
New in Version 4.7 Incorporation of all Previous Service As well as the new facilities outlined in the paragraphs below, all service applied after the initial release of version 4.5 of EXIGENCE has been
z/os Performance Monitoring Shootout ASG, BMC, CA and IBM
z/os Performance Monitoring Shootout ASG, BMC, CA and IBM Gary Henderson Director of Product Management ASG- Allen Systems Group Inc. 5 August 2010 Session Number : 7537 Installation and Maintenance Installation
Enabling AT-TLS encrypted communication between z/os and IBM Guardium Appliance
Enabling AT-TLS encrypted communication between z/os and IBM Guardium Appliance Purpose of this document: This document is an example of how to configure encrypted communication between z/os using AT-TLS
Safeguarding Cardholder Account Data
Safeguarding Cardholder Account Data Attachmate Safeguarding Cardholder Account Data CONTENTS The Twelve PCI Requirements... 1 How Reflection Handles Your Host-Centric Security Issues... 2 The Reflection
Security zsecure Service Stream Enhancement for PCI-DSS support Version Documentation updates for User Reference Manual for Top Secret
Security zsecure Serice Stream Enhancement for PCI-DSS support Version 2.1.0 Documentation updates for User Reference Manual for Top Secret Security zsecure Serice Stream Enhancement for PCI-DSS support
Running z/os as a Second Level System on z/vm to Clone and Scale 13075
Running z/os as a Second Level System on z/vm to Clone and Scale 13075 Steve McGarril mcgarril@us.ibm.com STG WW Mainframe Client Center February 6 th, 2013 Scenario New hardware introduction z10 to z196
Jim McNeill. Vanguard Professional Services VSS10 & VSS13
Jim McNeill Vanguard Professional Services VSS10 & VSS13 1 2 Legal Notice Copyright 2017 Copyright by Vanguard Integrity Professionals, Inc. All rights reserved. Unauthorized reproduction, modification,
Security and Authentication
Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed
E-SRF. Security Signature Analysis. Release EKC Security Reporting Facility GENERAL AVAILABILITY. September 1, 2005 EKC Inc.
E-SRF EKC Security Reporting Facility Security Signature Analysis Release 2.1.0 E-SRF V2R1M0 GENERAL AVAILABILITY September 1, 2005 EKC Inc. E-SRF is a proprietary product developed and maintained by EKC
CompTIA Security+(2008 Edition) Exam
http://www.51- pass.com Exam : SY0-201 Title : CompTIA Security+(2008 Edition) Exam Version : Demo 1 / 7 1.An administrator is explaining the conditions under which penetration testing is preferred over
IBM. Candle OMEGAMON Platform. Configuring IBM Tivoli Candle Management Server on z/os. Tivoli. Version 360 GC
Tivoli Candle OMEGAMON Platform IBM Version 360 Configuring IBM Tivoli Candle Management Server on z/os GC32-9414-02 12 1 2 Tivoli Candle OMEGAMON Platform IBM Version 360 Configuring IBM Tivoli Candle
Vanguard Active Alerts. Jim McNeill Sr Consultant
Vanguard Active Alerts Jim McNeill Sr Consultant Legal Notice Copyright All Rights Reserved. You have a limited license to view these materials for your organization s internal purposes. Any unauthorized
Auditing and Protecting your z/os environment
Auditing and Protecting your z/os environment Guardium for IMS with IMS Encryption Roy Panting Guardium for System z Technical Sales Engineer March 17, 2015 * IMS Technical Symposium 2015 Agenda Audit
Session The Penguins Have Landed- Changes and Improvements with Linux on Z at Shelter Insurance
Session 09754 The Penguins Have Landed- Changes and Improvements with Linux on Z at Shelter Insurance Shelter Insurance 2011 Shelter Insurance Midwest - 13 states Property and Casualty Life Reinsurance
IBM. Host Configuration Reference Guide. IBM Explorer for z/os SC
IBM Explorer for z/os IBM Host Configuration Reference Guide SC27-8438-02 IBM Explorer for z/os IBM Host Configuration Reference Guide SC27-8438-02 Note Before using this information, be sure to read
Securing JES Resource Classes
Securing JES Resource Classes Jim McNeill NYRUG November 25, 2014 1 Session Topics Job Control Overview Controlling Job Input Controlling JOB CLASSES Controlling Printing (Output) Controlling Access to
Encryption on IBM i. Mark Flora Ciber MRMUG 2/2014
Mark Flora Ciber MRMUG 2/2014 Threats Credit card information Inside and outside your organization Personnel data like SSN or phone number Inside and outside your organization Key business information
Introduction to DB2 11 for z/os
Chapter 1 Introduction to DB2 11 for z/os This chapter will address the job responsibilities of the DB2 system administrator, what to expect on the IBM DB2 11 System Administrator for z/os certification
EView/390z Mainframe Discovery for ServiceNow Discovery for CMDB
EView/390z Mainframe Discovery for ServiceNow Discovery for CMDB Concepts Guide Software Version: 7.2 April 2018 Legal Notices Warranty EView Technology makes no warranty of any kind with regard to this
Testpassport http://www.testpassport.net Exam : SY0-301 Title : Security+ Certification Exam 2011 version Version : Demo 1 / 5 1.Which of the following is the BEST approach to perform risk mitigation of
CA Top Secret and CA ACF2 101
CA Top Secret and CA ACF2 101 Reg Harbeck CA Wednesday, August 15, 2007 Session 1784 Agenda External Security CA Top Secret (TSS) CA ACF2 (ACF2) How to learn more Q & A 2 Data Security Protection of resources
RACF Performance Tuning SHARE March 2015
16810 March 2015 Robert S. Hansel Lead RACF Consultant R.Hansel@rshconsulting.com 617 969 9050 Robert S. Hansel Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc., an IT security
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com
Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE s3security.com Security Professional Services S3 offers security services through its Security Professional Services (SPS) group, the security-consulting
International Technical Support Organization. IBM System Storage Tape Encryption Solutions. May 2009 SG
International Technical Support Organization IBM System Storage Tape Encryption Solutions May 2009 SG24-7320-02 Contents Notices Trademarks xiii xiv Preface xv The team that wrote this book xv Become a
www.linkedin.com/in/jimliebert Jim.Liebert@compuware.com Table of Contents Introduction... 1 Why the Compuware Workbench was built... 1 What the Compuware Workbench does... 2 z/os File Access and Manipulation...
Vanguard ez/signon Client Installation and User Guide
Vanguard ez/signon Client Installation and User Guide Version 5.1 Vanguard ez/signon Version 5.1 Document Number VZSI-081503-511U September, 2003 Copyright 1997-2003 Vanguard Integrity Professionals-Nevada.
Pass Microsoft Exam
Pass Microsoft 98-367 Exam Number: 98-367 Passing Score: 700 Time Limit: 45 min File Version: 51.0 http://www.gratisexam.com/ Pass Microsoft 98-367 Exam Exam Name: Security Fundamentals Certdumps QUESTION
Installing ISV Mainframe Products through a Web Browser with CA MSM: Update and User Experiences
Installing ISV Mainframe Products through a Web Browser with CA MSM: Update and User Experiences Mark Zelden CSC Global Outsourcing Services August 8, 2012 Session 11840 Agenda Environment overview MSM