zsc40 Beyond Legacy Security Paul R. Robichaux NewEra Software, Inc. Thursday, May 9th at 9:00 10:15 am Session Number - zsc40 Location Melrose
|
|
- Bathsheba Bruce
- 5 years ago
- Views:
Transcription
1 Beyond Legacy Security zsc40 Paul R. Robichaux, Inc. Thursday, May 9th at 9:00 0:5 am Session Number - zsc40 Location Melrose
2 TCE The Control Editor Productivity and Control! Building a Safer, more Secure z/os Environment for your Business Applications 2
3 TCE An Overview Better z/os Configuration Control! Today s Agenda: Why Legacy z/os Configuration Security is not Enough? Why is Compensating/Complementary Control Desirable? What level of Incremental Access Control does TCE Provide? How does TCE Provide a Balance of Productivity and Control? 3
4 TCE An Overview A Practical Necessity zenterprise System Integrity - Resting on z/os Configuration Definitions Legacy Security Processes zenterprise Information Systems Denial Yes 99.99% Enterprise Data z/os Configuration Definitions 00.0% Configuration Data 4
5 TCE An Overview The Dataset Level Control Boundary z/os Edit Events UNIX Granted Access Privileges Update None Yes Control Boundary Read Vetted-Users 5
6 TCE An Overview Security Vs. z/os Configuration Control Your External Security Manager Provides Security: The functions provided by your External Security Manager () are required, absolute and unmatched for securing, granting and/or denying user and/or application access to system data, resources and commands. The Control Editor Provides Documentation and Control: The functions provided to you by TCE ensure that the activities of those users granted access to system data, resources and commands by the are fully documented and that, when desirable, -like controls are applied by TCE to individual members in Partitioned Datasets and/or to Sequential Datasets. The z/os Nanny and The z/os Padlock share common control, logging, reporting and notification facilities. 6
7 TCE An Overview Better z/os Configuration Control! : External Security Manager Access Rights Update Privileges 7
8 TCE An Overview Better z/os Configuration Control! CMS: Change Management System Planning Authorization : External Security Manager Access Rights Update Privileges CMS 8
9 TCE An Overview Better z/os Configuration Control! CMS: Change Management System Planning Authorization : External Security Manager Access Rights Update Privileges CMS TCE Enhances the CMS: Capture Actual Changes Enhance Change Documentation Record/Document Unplanned Changes TCE TCE Enhances the : Documents all Events Records Policy Violations Enforces Member Level Control 9
10 TCE An Overview Better z/os Configuration Control! CMS: Change Management System Planning Authorization : External Security Manager Access Rights Update Privileges CMS TCE Enhances the CMS: Capture Actual Changes Enhance Change Documentation Record/Document Unplanned Changes TCE TCE Enhances the : Documents all Events Records Policy Violations Enforces Member Level Control TCE Establishes and Enforces z/os System Programming Best Practices: Backup, Inspection, Where-Used, History, Restore, Notification Defines Responsibility, Pinpoints Accountability Establishes Trust between Team Members Supports Local Control Management 0
11 TSO/ISPF TCE An Overview Better z/os Configuration Control! Scope: zenterprise System Integrity - Resting on z/os Configuration Definitions Boundaries: TSO/ISPF Named in a Statement of Policy Controlled Dataset Categories Applications ICE Operational Best Practices Working Groups Member Level Control Datasets User and Group Working Datasets Batch Utilities Operating Environments: Other Out-of-Policy Change Detection z/os zunix
12 TCE An Overview Boundaries z/os Edit Events Granted Access Privileges Update UNIX ACTSTRxx BPXPRMxx None SMFPRMxx PROGxx Yes ACTCONxx CONSOLxx Read IKJTSOxx TCPIPxx Denial Denial Edit, Copy, Create, Move, Replace, Rename, Add and Delete in PO and PS Datasets or UNIX File. 2
13 TCE An Overview with TCE Boundary Overlap! z/os Edit Events Granted Access Privileges Update UNIX ACTSTRxx BPXPRMxx None SMFPRMxx PROGxx Yes ACTCONxx CONSOLxx Read IKJTSOxx TCPIPxx Denial Events Denial Control Files Control Journals Journal Query Notification 3
14 TCE An Overview Dataset Access Control - 3.4! z/os Configuration Integrity - Access means access to all Configuration Elements. Legacy Security Processes Denial Yes MBR List:..AUTORxx..ATCSTR....ATCCON....BPXPRMxx..CLOCKxx..COMMNDxx..CONSOLxx..HZSPRMxx..IEAFIXxx..IEALPAxx..IEASYSxx..IEASYMxx..IKJTSOxx..PROGxx..SMFPRMxx..TCPIPxx..OTHERSxx E = Edit M = Move D = Delete R = Rename B = Browse V = View C = Copy P = Print S = Submit G = Reset T = TSO Commands W = Workstation Read Only Updaters 4
15 TCE An Overview with TCE Member Level Control! z/os Edit Events Granted Access Privileges Update UNIX ACTSTRxx BPXPRMxx None TCE Yes SMFPRMxx PROGxx ACTCONxx CONSOLxx TCE Read IKJTSOxx TCPIPxx Denial Events Denial Control Files Control Journals Journal Query Notification 5
16 TCE An Overview What Access Denial Look Like! As a Pop-Up displayed to the TSO/ISPF User: Edit access attempt denied by The Control Editor. Reason Code 0037 Press END to exit Where Edit Changes to: 'Browse/View', 'Create', 'Copy', 'Move', and 'Replace' as appropriate for the access event attempt. Where Reason Code 0037 : Would be interpreted by the TCE Administrator as the line number of the Controlling Rule in the NSESELXX Configuration Member that determined/controlled the reported access denial, in this case line 37. As a WTO write to the System Log: TCER0000I - Browse/view access denial for ESSJDL DSN: USER.PARMLIB MEM: PSYNCH RSN:
17 TCE An Overview How does TCE work? - A Listener!...One way to envision The Control Editor is to think of it as an Event Listener on a subsystem interface that allows it to Hear all Events, recording only those that match a predetermined event profile (Control List) and optionally logging all defined events when forensic system analysis is required. These processes require no z/os modifications, Hooks or Exits and are totally within the z/os Administrators control. Configuration Change Events Control List Match? Notify/Act Event Log TCE can Detect TSO/ISPF Line Commands, Configuration Edits, z/os Operator Commands and z/os System Message Events. 7
18 TCE An Overview How does TCE work? - A Listener!...One way to envision The Control Editor is to think of it as an Event Listener on a subsystem interface that allows it to Hear all Events, recording only those that match a predetermined event profile (Control List) and optionally logging all defined events when forensic system analysis is required. These processes require no z/os modifications, Hooks or Exits and are totally within the z/os Administrators control. Configuration Change Events Accesses Commands Messages Concatenations: (Datasets/Directory) Datasets: (PDS,PDSE,SEQ,FILE) Members: Fully Qualified, Prefix, Suffix Actions: Edit, Move, Delete, Rename Browse, View, Copy, Print, Submit Operator Commands: SET, MODIFY, VARY Security Commands: RACF, ACF2, TSS Exclusion Options: TASK, JOBS, USER, TERM System Messages: All, Message ID and/or Text Security Messages: All, Message ID and/or Text HZS, RTD Messages: All, Message ID and/or Text Actions: Issue Commands, Notify z/os and UNIX Edit Events, Operator Commands and System Message Events. 8
19 TCE An Overview How does TCE work? - The Base Case! z/os Edit Events UNIX TSO/ISPF Edit Window Update Authority Update EDIF Interface VTAMLib YES JCLLib PROCLib PARMLib NO TCE can Detect Edit, Copy, Create, Move, Replace, Rename, Add and Delete in PO and PS Datasets. 9
20 TCE An Overview How does TCE work? - Edit Window! The Edit Interface (EDIF) service provides edit functions for data accessed through dialogsupplied I/O routines. The dialog intercept must perform all environment-dependent functions such as dataset allocation, opening, reading, writing, closing, and freeing. The dialog is also responsible for any necessary ENQ/DEQ serialization. TCE provides intercepts for requests to edit controlled datasets that allow for: pre-processing that can allow/deny dataset/member access, detects changes, create backups, editing data in partitioned datasets and sequential files and post-processing detects changes, displays inline descriptor information, generate optional occurrence notification and refreshes a backup as needed. TCE's invocation interface: provides routines that perform data read and write operations, provides command processing to support MOVE, COPY, CREATE, REPLACE, and the EDIT primary commands and supports TCE specific TSO/ISPF primary commands RESTORE, HISTORY, IPLCHECK, TCEHELP, INSPECT, JSCAN, and PSCAN. For more on EDIF and the Edit Window see the z/os VR3.0 ISPF Services Guide 20
21 TCE An Overview How does TCE work? - With your! z/os Edit Events Granted Access Privileges Update UNIX Member Control: User Specific Members Only None TCE Yes Updaters: (Edit) Move, Rename, Create, Etc. Read Only Users: Copy, Print, Submit (Altered) Descriptor Yes TCE Read Denial TCE Denial Changes Control Files Control Journals Journal Query Notification 2
22 TCE An Overview How does TCE work? Accountability! z/os Configuration Integrity - TCE Assignment means Responsibility and Accountability! Legacy Security Processes Denial Yes MBR List:..AUTORxx..ATCSTR....ATCCON....BPXPRMxx..CLOCKxx..COMMNDxx..CONSOLxx..HZSPRMxx..IEAFIXxx..IEALPAxx..IEASYSxx..IEASYMxx..IKJTSOxx..PROGxx..SMFPRMxx..TCPIPxx..OTHERSxx A Super-User, she has access to all members in PDS. z/os VTAM NetWork OPRS Mary Harry 2 An Updater and/or Browser Denied by TCE 2 22
23 TCE An Overview How does TCE work? - Control Cards! NSESEL00 Includes Excludes Statement UserID- -Member- DSN/CAT DSNEDIN CATEDIN DSNEDIN USER23 SYS.PARMLIB Statement UserID- -Member- DSN/CAT DSNEDIN USERXYZ XY SYS.PARMLIB DSNEDEX CATEDEX DSNEDEX USER23 SYS.PARMLIB DSNEDEX USERXYZ PROG SYS.PARMLIB Controlled Access Priority: If any DSNEDIN, CATEDIN, DSNBRIN, CATBRIN exists for the access attempt in question (i.e., for the member/dsn), then there must be an include for the userid in question or the access request will be denied. If no DSNEDIN, CATEDIN, DSNBRIN, CATBRIN exists for the access attempt in question, the userid in question will be granted access unless a DSNEDEX, CATEDEX, DSNBREX, CATBREX exists for the member/dsn and the userid in question. 23
24 TCE An Overview A Balance of Productivity and Control! TCE strikes a balance in design and implementation between the productivity needs of z/os System Programmers and the control needs of z/os System Administrators. The z/os Nanny enhances the TSO/ISPF experience and productivity of z/os System Programmers. The z/os Padlock offers z/os administrators an automated system that compensates for acknowledged weaknesses in their Legacy External Security Managers. The z/os Padlock The control component of The Control Editor fully supports Legacy Security by extending their security control boundaries to heretofore unrecognized events, capturing and reporting security events as they occur in real-time, and enforcing Member Level control over both authorized Updaters and Read Only users. The z/os Nanny The productivity component of The Control Editor enhances the interactive TSO/ISPF experience for z/os Systems Programmers. It is designed to automate step-by-step their achievement of z/os System Programming Best Practices and in doing so compensate for acknowledged weaknesses in Legacy Security Systems. The z/os Nanny and The z/os Padlock share common control, logging, reporting and notification facilities. 24
25 TCE An Overview z/os System Programming Best Practices! Sound z/os System Programming Best Practices are straightforward and simple enough, but we re all human, all busy, we all forget and our best intentions to conform to these practices will sometimes go unfulfilled. Do you: Take a Backup before making changes to z/os Configuration components? Test changes to PARMLIB, PROCLIB, JCLLIB before committing them to production? Research the History of prior changes before attempting new ones? Document Actual changes at the point where the change takes place? Finally, Notify those with a need to know that a change has been made? No Backup, no Test, no Review, no Documentation, no Notification. Any of these can lead to a loss of z/os integrity or compliance or worse - to a loss of z/os availability. In this part of the presentation we will examine the workflow patterns commonly found in many System Programming configuration management tasks and how these tasks can be automatically conformed to Best Practices using The Control Editor (TCE) from, an expert TSO/ISPF workflow assistant, the z/os Nanny. Backup: Generations of individual copies any of which may be used to restore a member. 25
26 TCE An Overview TSO/ISPF Workflow Management! TCE Setup TCE Workflow Management TCE Reports Datasets Messages Backup Occurrence Periodic Commands Notify TCE Forensic MBRUsed TSO/ISPF Edit Restore History Document Testing Detected Change Control Files Control Journals Journal Query Notification 26
27 TCE An Overview TSO/ISPF Workflow Management! z/os Edit Events UNIX TSO/ISPF Edit Window Update Authority If YES Update Take a Backup Check for Update YES If NO Changes? YES NO TCE Event Record(s) TCE Control Journals Last Backup Detected Change Notice Pop-Up Control Journals Notification Denial of Update Authority by the External Security Manager () is considered an Exceptional Event. 27
28 TCE An Overview Edit Window Line Commands! z/os Edit Events UNIX TSO/ISPF Edit Window Update Authority If YES Update Menu Take a Backup Restore History Testing MBRUsed Check for Update Changes? YES NO YES If NO TCE Event Record(s) TCE Control Journals Last Backup Detected Change Notice Pop-Up Control Journals Notification Detected Changes are considered an Exceptional Event. 28
29 TCE An Overview Better z/os Configuration Control! CMS: Change Management System Planning Authorization : External Security Manager Access Rights Update Privileges CMS TCE Enhances the CMS: Capture Actual Changes Enhance Change Documentation Record/Document Unplanned Changes TCE TCE Enhances the : Documents all Events Records Policy Violations Enforces Member Level Control TCE Establishes and Enforces z/os System Programming Best Practices: Backup, Inspection, Where-Used, History, Restore, Notification Defines Responsibility, Pinpoints Accountability Establishes Trust between Team Members Supports Local Control Management 29
30 TCE An Overview A Balance of Productivity and Control! As a z/os System Utility TCE enhances the TSO/ISPF experience for z/os System Programmers by fully automating, step-by-step, the individual tasks that lead us all towards compliance with the Best z/os System Programming Practices. TCE fully supports all z/os Change Management Systems (CMS) and External Security Managers (). The CMS administrator benefits by now being able to Close the Loop between planning for and/or authorizing a change and the ACTUAL change that was made. The Security Administrator benefits by now being able to compensate for the s inherent lack of visibility over authorized system changes that are performed by vetted system users. TCE is fully under the control of the z/os Administrator. Using a 3270 interface she can easily define Control Boundaries (Datasets, Operator Commands, System Events) within which TCE will be vigilant. Changes, even those made outside the TSO/ISPF domain, are captured and reported; all changes are permanently stored in Control Journals for use in interactive or batch Forensic and Periodic Management Reporting. (External Security Managers) RACF, CA ACF2, CA TOP SECRET. 30
31 TCE An Overview TCE Can Help You z/os Assure Integrity! Establish and Document an appropriate Separation of Duties Assign Specific, Individual Staff Component Responsibility Require a Component Backup prior to Configuration Change Institute Testing of Changes before Commitment to Production Validate Configuration against Established, Audited Baseline Document Change at the Point where the Actual Change is made Maintain a Configuration Where-Used Configuration Reference Profile Create an Atmosphere for Configuration Excellence and Accountability 3
32 TCE An Overview How does TCE work? - Shared Control! Control List: Control List: z/os LPAR - A Shared List: z/os LPAR B to n Events Backup Staged Detected Submit Operator Policy TCE Parameters Exceptions Log Postings Notification 3270 Journal Interface Events Backup Staged Detected Submit Operator Policy TCE Parameters Exceptions Log Postings Notification 3270 Journal Interface Journals Journals Shared Journals 32
33 TCE An Overview How does TCE work? - Can, Cannot do! Batch Utilities and Detected Changes: IEBCOPY IEBGENER Other Utilities Edit TSO Command OMVS Copy of MVS Datasets Others //WHATEVER EXEC PGM=TCEUTIL, PARM= IEBCOPY Detected Change Detected Changes: An automated TCE programmatic process by which the actual content of datasets defined to TCE as Controlled Datasets is reconciled with the last TCE Control Journal Copy. This reconciliation is performed at a minimum hourly and in all cases before the results of any query, report or panel is made available. The z/os Nanny and The z/os Padlock share common control, logging, reporting and notification facilities. 33
34 TCE An Overview Better z/os Configuration Control! Today s Agenda: Why Legacy z/os Configuration Security is not Enough? Why is Compensating/Complementary Control Desirable? What level of Incremental Access Control does TCE Provide? How does TCE Provide a Balance of Productivity and Control? 34
35 TCE An Overview It All Begins with a Controlled Backup! support@newera.com Subject: TCE Download Link or Subject: TCE License Key TCE Control Backups Start IFOM Address Space Customize TCE Control Members 2 VTAM APPLID, APF IFOLOAD Customize the ICE Configuration Run the ALLOC and BUILD Jobs Download ICE Install Files Individual user Address Spaces, controlled by IFOM are created when users log into the ICE Environment. 2 ICE Parmlib Configuration Members - NSECTLxx and NSESELxx 35
36 TCE An Overview That s it folks, all done! Paul R. Robichaux - prr@newera.com 36
37 37
The Control Editor (TCE)
One-on-One with The Control Editor (TCE) An Image Control Environment (ICE) Application This booklet prepared exclusively for NewEra Software Foreword I cannot tell you how many times I have had to get
More informationICE 10 Patch 6. In ICE 10 Patch 6 users will now find General Enhancements and New Features in certain ICE Applications:
ICE 10 Patch 6 In ICE 10 Patch 6 users will now find General Enhancements and New Features in certain ICE Applications: The Control Editor Users of The Control Editor under TSO/ISPF will now be able to
More informationLOWER THE COST OF PROVIDING z/os SERVICES
TITLE INTEGRITY CONTROLS ENVIRONMENT The Four Pillars of z/os Operational Integrity MAINTAIN AND INCREASE z/os AVAILABILITY High availability is one of the cornerstones of the IBM mainframe and z operating
More informationThe Control Editor (TCE)
The Control Editor, operating within or outside the Integrity Controls Environment (ICE) can detect, record and protect against named events that impact z/os Configurations. The Control Editor (TCE) Release
More informationMANEWS Issue Number 21 the Mainframe Audit News
This newsletter tells you stuff you need to know to audit IBM mainframe computers runinng with z/os and the MVS operating system. This issue we show you how to plan the data gathering for your audit. Table
More informationIs Your z/os System Secure?
Ray Overby Key Resources, Inc. Info@kr-inc.com (312) KRI-0007 A complete z/os audit will: Evaluate your z/os system Identify vulnerabilities Generate exploits if necessary Require installation remediation
More informationWhy Legacy Security Isn't Enough
Why Legacy Security Isn't Enough Session #14228 Monday, August 12 at 11:00 am Hynes Convention Center Room 207 Paul R. Robichaux Insert Custom Session QR if Desired. Abstract and Speaker Information System
More informationUni Hamburg Mainframe Summit z/os The Mainframe Operating. Part 2 TSO, ISPF und Unix Shell. Introduction to the new mainframe
Uni Hamburg Mainframe Summit z/os The Mainframe Operating Chapter 4: Interactive facilities of z/os: TSO/E, ISPF, and UNIX Part 2 TSO, ISPF und Unix Shell Michael Großmann IBM Technical Sales Mainframe
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Item: PARMDD Element/Component: BCP Scheduler Material is current as of June 2013 Agenda Trademarks Presentation Objectives Overview Usage & Invocation Interactions
More informationThe ABC s of z/os Integrity. Paul R. Robichaux -
The ABC s of z/os Integrity Paul R. Robichaux - prr@newera.com http://www.newera-info.com/ 1 The Mainframe today! But Why? Someone Masquerading as You! Monitoring z/os Integrity 2 The IBM z/os Integrity
More informationRA/2 RACF CLI Version 1 - Release 1
RA/2 RACF CLI Version 1 - Release 1 Copyright racfra2.com 2008 All Rights Reserved Distributed by: SEA America Inc. SEA Europe EBM Inc. Ubiquity Pty Ltd Softplex Japan racfra2.com corp. TABLE OF CONTENTS
More informationISPF at EI&O UFIT. UF Information Technology. EI&O Document ID: D0040 Last Updated: 06/28/2002
UFIT ISPF at EI&O EI&O Document ID: D0040 Last Updated: 06/28/2002 The Interactive System Productivity Facility (ISPF) and the Program Development Facility (PDF) are available in TSO. This document briefly
More informationCICS Essentials CICS Best Practices
CICS Essentials CICS Best Practices NewEra Software Special Interest Article Table of Contents CICS and External Security Manager - Best Practices... 3 CICS and VTAM - Best Practices... 4 CICS System Definition
More informationRSA Ready Implementation Guide for
RSA Ready Implementation Guide for IBM Multi-Factor Authentication for z/os V1R1 John Sammon, RSA Partner Engineering Last Modified: 4/7/16 -- 1 - Solution Summary IBM Multi-Factor Authentication for z/os,
More informationChapter 2 TSO COMMANDS. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TSO COMMANDS SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Executing TSO commands in READY mode or ISPF. The format of a TSO command - syntax and usage. Allocating a
More informationIBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide. Version9Release1
IBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide Version9Release1 ii IBM InfoSphere Guardium S-TAP for Data Sets on z/os User's Guide Contents Chapter 1. IBM InfoSphere Guardium S-TAP for
More informationPerforming a z/os Vulnerability Assessment. Part 2 - Data Analysis. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 2 - Data Analysis Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
More informationHands-on Lab: Setting up the z/os LDAP Server with the dsconfig utility.
Hands-on Lab: Setting up the z/os LDAP Server with the dsconfig utility. Background: The z/os LDAP server was introduced several years ago. It was a standard LDAP v3 server with support for LDAP v2 if
More informationLMS. Laret Melsch Systems
LMS Laret Melsch Systems Manage and Automate Dynamic Allocation of STEPLIBs and ISPF Libraries is the premier solution to manage and automate dynamic allocation of STEPLIB and ISPF libraries to save time,
More informationEleven Steps to Make Mainframe Security Audits More Effective and Efficient
Eleven Steps to Make Mainframe Security Audits More Effective and Efficient These are some things I ve learned about auditing IBM mainframe computers by trying a lot of approaches, some of which worked
More informationGetting Started with ICE/OPER and its Applications 15.0
Getting Started with ICE/OPER and its Applications 15.0 Contact us for additional information: NewEra Software Technical Support 800-421-5035 or 408-520-7100 support@newera.com www.newera.com Rev: 2018-11-8
More informationData Center Management Systems
Data Center Management Systems The Expert JCL Manager - JED The Future of Automated JCL Management JED Highlights:(Partial list) The JED Process Operating Environments Supported JED Features and Functions
More informationThe HMC Is a Fantastic Tool But Are You Making it Secure?
The HMC Is a Fantastic Tool But Are You Making it Secure? Barry Schrager Xbridge Systems, Inc. & Paul R. Robichaux NewEra Software, Inc. Monday, August 6 at 1:30 2:30 pm Session Number 11198 Platinum 8
More informationCA Top Secret and CA ACF2 101
CA Top Secret and CA ACF2 101 Reg Harbeck CA Wednesday, August 15, 2007 Session 1784 Agenda External Security CA Top Secret (TSS) CA ACF2 (ACF2) How to learn more Q & A 2 Data Security Protection of resources
More informationPerforming a z/os Vulnerability Assessment. Part 3 - Remediation. Presented by Vanguard Integrity Professionals
Performing a z/os Vulnerability Assessment Part 3 - Remediation Presented by Vanguard Integrity Professionals Legal Notice Copyright 2014 Vanguard Integrity Professionals - Nevada. All Rights Reserved.
More informationz/os Management Facility demonstration
z/os Management Facility demonstration June, 2016 Agenda IBM eserver pseries z/os Management Facility: definition and functions z/osmf: a Web application running inside z/os -> demo - MVS view - Web user
More informationz/os Basic Skills Information Center: ISPF Course Module Module 1: Main Features of ISPF
Module 1: Main Features of ISPF Copyright IBM Corp., 2005. All rights reserved. Introduction This module, Main Features of ISPF, introduces you to the z/os Interactive System Productivity Facility, or
More informationIBM. Candle OMEGAMON Platform. Configuring IBM Tivoli Candle Management Server on z/os. Tivoli. Version 360 GC
Tivoli Candle OMEGAMON Platform IBM Version 360 Configuring IBM Tivoli Candle Management Server on z/os GC32-9414-02 12 1 2 Tivoli Candle OMEGAMON Platform IBM Version 360 Configuring IBM Tivoli Candle
More informationHow to Go About Setting Mainframe Security Options
How to Go About Setting Mainframe Security Options Stu Henderson stu@stuhenderson.com 5702 Newington Road Bethesda, MD 20816 www.stuhenderson.com (301) 229-7187 ABSTRACT 2 If you don't think that checklists
More informationIBM. OA VTAM 3270 Intrusion Detection Services - Overview, Considerations, and Assessment (Prerequisite) z/os Communications Server
z/os Communications Server IBM OA49911 - VTAM 3270 Intrusion Detection Services - Overview, Considerations, and Assessment (Prerequisite) Version 2 Release 2 Note: Links to related publications are from
More informationTop 12 Mainframe Security Exposures and Lessons From A Real Mainframe Break-In
Top 12 Mainframe Security Exposures and Lessons From A Real Mainframe Break-In Stu Henderson 5702 Newington Road Bethesda, MD 20816 (301) 229-7187 STU@STUHENDERSON.COM What You ll Hear One Person s Experiences
More informationDeveloping Legacy Platform Security. Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21
Developing Legacy Platform Security Philip Young, Information Security Specialist, Visa, Inc. Professional Techniques T21 About Me Philip Young Always interested in IT security Started with Audit Ernst
More informationConfiguring ISPF for Fun and Profit
Configuring ISPF for Fun and Profit Session 10948 Wednesday, March 14, 2012 Thomas Conley Pinnacle Consulting Group, Inc. (PCG) 59 Applewood Drive Rochester, NY 14612-3501 P: (585)720-0012 F: (585)723-3713
More informationAchieving Higher Levels of Productivity with IBM ISPF Productivity Tool for z/os IBM Redbooks Solution Guide
Achieving Higher Levels of Productivity with IBM ISPF Productivity Tool for z/os IBM Redbooks Solution Guide IBM ISPF Productivity Tool for z/os is an ISPF application that provides significant productivity
More informationVersion 1 Release 6. IBM Autonomics Director for Db2 for z/os User's Guide IBM SC
Version 1 Release 6 IBM Autonomics Director for Db2 for z/os User's Guide IBM SC19-4389 Version 1 Release 6 IBM Autonomics Director for Db2 for z/os User's Guide IBM SC19-4389 Note: Before using this
More informationz/os PARMLIB Successful Practices - User Experience
z/os PARMLIB Successful Practices - User Experience Jack Schudel University of Florida schudel@ufl.edu Thursday, August 11, 2011 Session 09800 D PARMLIB IEE251I 05.00.41 PARMLIB DISPLAY PARMLIB DATA SETS
More informationGetting Started With the IBM Tivoli Discovery Library Adapter for z/os
Getting Started With the IBM Tivoli Discovery Library Adapter for z/os December 2012 IBM Advanced Technical Skills Mike Bonett Executive I/T Specialist Special Notices This document reflects the IBM Advanced
More informationInfoprint Server Update for z/os 2.2
Infoprint Server Update for z/os 2.2 Howard Turetzky, EDP Advanced Technical Support Ricoh Production Print Solutions Boulder, Colorado 80301 howard.turetzky@ricoh-usa.com Agenda New function in Infoprint
More informationSmartIS. What is SmartIS? Product Description
SmartIS Product Description What is SmartIS? SmartIS is a Smart Information System designed for today s mainframe data centers. SmartIS automatically collects and correlates data from the areas of: Operations
More informationCA ACF2 for z/os Adapter Installation and Configuration Guide
IBM Security Identity Manager Version 6.0 CA ACF2 for z/os Adapter Installation and Configuration Guide SC27-4383-01 IBM Security Identity Manager Version 6.0 CA ACF2 for z/os Adapter Installation and
More informationAppendix B WORKSHOP. SYS-ED/ Computer Education Techniques, Inc.
Appendix B WORKSHOP SYS-ED/ Computer Education Techniques, Inc. 1 ISPF/PDF Environment 1. Log on to ISPF/PDF; different installations have different logon procedures. 1.1. The ISPF/PDF Primary Option Menu
More informationAuditing and Protecting your z/os environment
Auditing and Protecting your z/os environment Guardium for IMS with IMS Encryption Roy Panting Guardium for System z Technical Sales Engineer March 17, 2015 * IMS Technical Symposium 2015 Agenda Audit
More informationInstallation Verification Procedure for Oracle Database Provider for DRDA
Installation Verification Procedure for Oracle Database Provider for DRDA Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and
More informationVanguard Active Alerts. Jim McNeill Sr Consultant
Vanguard Active Alerts Jim McNeill Sr Consultant Legal Notice Copyright All Rights Reserved. You have a limited license to view these materials for your organization s internal purposes. Any unauthorized
More informationMark Wilson Session Details: Footprinting
Everything you wanted to know about mainframe security, pen testing and vulnerability scanning.. But were too afraid to ask! Mark Wilson markw@rsmpartners.com Session Details: Footprinting Agenda Introduction
More informationVersion 9 Release 1. IBM InfoSphere Guardium S-TAP for IMS on z/os V9.1 User's Guide IBM
Version 9 Release 1 IBM InfoSphere Guardium S-TAP for IMS on z/os V9.1 User's Guide IBM ii IBM InfoSphere Guardium S-TAP for IMS on z/os V9.1 User's Guide Contents Chapter 1. What does IBM InfoSphere Guardium
More informationService Information. English Component
Volume 18 December 2011 IBM DEBUG TOOL NEWSLETTER Currently Available PTFs Release Service Information English Component Japanese Component Korean Component Debug Tool for z/os V11.1 UK74780 UK74781 UK74782
More informationHow Vanguard Solves. Your PCI DSS Challenges. Title. Sub-title. Peter Roberts Sr. Consultant 5/27/2016 1
How Vanguard Solves Title Your PCI DSS Challenges Sub-title Peter Roberts Sr. Consultant 5/27/2016 1 AGENDA 1. About Vanguard/Introductions 2. What is PCI DSS 3. PCI DSS 3.1/3.2 Important Dates 4. PCI
More information* Parameter... 1:18. B Backward References... 5:8 Blocksize: Choosing... 3:19
* Parameter... 1:18 A Abnormal Disposition... 2:7 ACB: Access Method Control Block... 11:7 Accounting Information... 1:9, 8:15 ACCT Parameter - Account... 1:15 Allocation and Termination Messages... 1:25
More informationat Rocket Software Mainframe CVS z/os Unix System Services CVS client Extending the functionality of the Lisa Bates
Mainframe CVS at Rocket Software Extending the functionality of the z/os Unix System Services CVS client Lisa Bates lbates@rs.com April, 2006 Background Rocket wanted to standardize on one source code
More informationIBM. User's Guide. IBM Explorer for z/os. Version 3 Release 0 SC
IBM Explorer for z/os IBM User's Guide Version 3 Release 0 SC27-8431-01 IBM Explorer for z/os IBM User's Guide Version 3 Release 0 SC27-8431-01 Note Before using this information, be sure to read the
More informationDevelop a batch DB2 for z/os COBOL application using Rational Developer for System z
Develop a batch DB2 for z/os COBOL application using Rational Developer for System z Make use of multiple Eclipse perspectives Skill Level: Intermediate Laurence England (englandl@us.ibm.com) STSM IBM
More informationRACF Adapter Installation and Configuration Guide
IBM Security Identity Manager Version 6.0 RACF Adapter Installation and Configuration Guide SC27-4407-02 IBM Security Identity Manager Version 6.0 RACF Adapter Installation and Configuration Guide SC27-4407-02
More informationThe Old is New Again Engineering Security in the Age of Data Access from Anywhere
The Old is New Again Engineering Security in the Age of Data Access from Anywhere Paul de Graaff Chief Strategy Officer Vanguard Integrity Professionals March 10, 2014 Session 14971 AGENDA History 1 This
More informationPerformance Objectives
Chapter 1: ISPF/PDF Environment The advantages associated with the TSO featureset. The advantages associated with the ISPF/PDF featureset. PF: Program Function keys on the 3270 keyboard. Logging on and
More informationPDSEGEN User s Guide
PDSEGEN User s Guide Or how to effectively use PDSE Version 2 Libraries with Member Generations. Author: Lionel B. Dyck PDSEGEN User s Guide V5.1.0 January 2, 2017 Page 1 Table of Contents Changes... 5
More informationCA Endevor Software Change Manager
CA Endevor Software Change Manager Packages Guide Version 16.0.00 Third Edition This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred
More informationWhat is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services
What is PCI/DSS and What s new Presented by Brian Marshall Vanguard Professional Services 4/28/2016 1 AGENDA 1.About Vanguard/Introductions 2.What is PCI DSS History 3.High Level Overview 4.PCI DSS 3.0/3.1/3.2
More informationA Security Review of MVS/RACF: Part 2 Kurt Meiser Payoff
83-03-66 A Security Review of MVS/RACF: Part 2 Kurt Meiser Payoff An efficient and effective security review of an MVS/RACF system depends on several factors. Reviewers must use a well-considered methodology.
More informationISPF Users Boot Camp - Part 2 of 2
Interactive System Productivity Facility (ISPF) ISPF Users Boot Camp - Part 2 of 2 SHARE 116 Session 8677 Peter Van Dyke IBM Australia SHARE 116, Winter 2011 pvandyke@au1.ibm.com Introduction Our jobs
More informationz/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and data sets Module 4: Working with data sets
z/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and data sets Module 4: Working with data sets Copyright IBM Corp., 2005. All rights reserved. Working with data sets Introduction
More informationConfiguring zsecure To Send Data to QRadar
Configuring zsecure To Send Data to QRadar CONFIGURATION, SETUP, AND EXAMPLES Reminder: You must dial-in to the phone conference to listen to the panelists. The web cast does not include audio. USA toll-free:
More informationSupplemental Inspectors
Supplemental Inspectors are the simple way to extend the z/os and sub-component Baselines, Inspections and Change Detection functions found in the Integrity Controls Environment (ICE) Supplemental Inspectors
More informationIs USS the Elephant in the Room?
Is USS the Elephant in the Room? Agenda USS deprecation of BPX.DEFAULT.USER What s the problem? How did we get here? What needs to be done to fix it? Q & A Session What is the Problem? Significant change
More informationJim McNeill. Vanguard Professional Services VSS10 & VSS13
Jim McNeill Vanguard Professional Services VSS10 & VSS13 1 2 Legal Notice Copyright 2017 Copyright by Vanguard Integrity Professionals, Inc. All rights reserved. Unauthorized reproduction, modification,
More informationz/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and Data Sets Module 3: ISPF Data Set Basics
z/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and Data Sets Module 3: ISPF Data Set Basics Copyright IBM Corp., 2005. All rights reserved. Data Set Basics Introduction This module,
More informationBasi di Dati Complementi. Mainframe
Basi di Dati Complementi 3.1. DBMS commerciali DB2-3.1.2 Db2 in ambiente mainframe Andrea Maurino 2007 2008 Mainframe 1 Mainframe Terminologia Mainframe Storage Management Subsystem (SMS) Is an automated
More information2010/04/19 11:38. Describing a unique product that shows the mainframe in a completely different way.
Describing a unique product that shows the mainframe in a completely different way. 1 These are some of the features of SELCOPY/i I will be speaking about today, to give you a flavour of the SELCOPY Interactive
More informationWorkflow Manager - ENDEVOR Attachment
Workflow Manager - ENDEVOR Attachment Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com Copyright 2013-2014 Micro Focus. All rights reserved. MICRO FOCUS
More informationAuditing DB2 on z/os. Software Product Research
Auditing DB2 on z/os Software Product Research 1 Information stored in DB2 databases is of enormous value to corporations. Misuse of this information can launch competitive and legal penalties. In many
More informationTransporting files between MVS and MVS or between MVS and a Workstation
Transporting files between MVS and MVS or between MVS and a Workstation author: Lionel B. Dyck Revision 1.207 May 07, 2003 If there is a need to transport any file from the IBM MVS computing systems to
More informationCompute (Bridgend) Ltd
Compute (Bridgend) Ltd SELCOPY 2.02 New Features for IBM Mainframe z/os, VSE & VM/CMS Systems 8 Merthyr Mawr Road, Bridgend, Wales UK CF31 3NH Tel: +44 (1656) 65 2222 Fax: +44 (1656) 65 2227 CBL Web Site
More informationEntropy Software General Administration & Configuration
Entropy Software General Administration & Configuration V1.02 1 of 34 Contents 1. Customising your Entropy system... 4 1.1 Entering or editing your Organisation s name into Entropy... 4 1.2 Adding a Watermark...
More informationz/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and Data Sets Module 2: The ISPF PDF Primary Options Menu
z/os Learning Center: Introduction to ISPF Unit 1: The Basics of ISPF and Data Sets Module 2: The ISPF PDF Primary Options Menu Copyright IBM Corp., 2005. All rights reserved. ISPF Primary Options Menu
More informationNew Security Options in DB2 for z/os Release 9 and 10
New Security Options in DB2 for z/os Release 9 and 10 IBM has added several security improvements for DB2 (IBM s mainframe strategic database software) in these releases. Both Data Security Officers and
More informationE-SRF. Security Signature Analysis. Release EKC Security Reporting Facility GENERAL AVAILABILITY. September 1, 2005 EKC Inc.
E-SRF EKC Security Reporting Facility Security Signature Analysis Release 2.1.0 E-SRF V2R1M0 GENERAL AVAILABILITY September 1, 2005 EKC Inc. E-SRF is a proprietary product developed and maintained by EKC
More informationConfiguring and Using SMF Logstreams with zedc Compression
Glenn Anderson, IBM Lab Services and Training Configuring and Using SMF Logstreams with zedc Compression Summer SHARE August 2015 Session 17644 Overview: Current SMF Data Flow SMF Address Space Record
More informationQuick Start Your zsecure Suite - LAB
Quick Start Your zsecure Suite - LAB Mark S Hahn IBM Monday, August 6, 2012 Session 11687 From the Top Install the product(s) Determine which products are to be used Ensure product is not DISabled Review
More informationTable of Contents. Overview of the TEA Login Application Features Roles in Obtaining Application Access Approval Process...
TEAL Help Table of Contents Overview of the TEA Login Application... 7 Features... 7 Roles in Obtaining Application Access... 7 Approval Process... 8 Processing an Application Request... 9 The Process
More informationIBM. Documentation. IBM Sterling Connect:Direct Process Language. Version 5.3
IBM Sterling Connect:Direct Process Language IBM Documentation Version 5.3 IBM Sterling Connect:Direct Process Language IBM Documentation Version 5.3 This edition applies to Version 5 Release 3 of IBM
More informationSparta Systems TrackWise Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationCA JCLCheck Workload Automation CA RS 1404 Service List
CA JCLCheck Workload Automation 12.0 1 CA RS 1404 Service List Description Hiper 12.0 RO62327 INVALID CAY6501 MESSAGE WITH MULTI-VOL DATASET AND NOSMS RO62328 INVALID CAY6501 MESSAGE WITH MULTI-VOL DATASET
More informationMVS/QuickRef - Tailoring QW
MVS/QuickRef - Tailoring QW Speaker Name: Chuck Davis Speaker Company: Chicago-Soft, Ltd. Date of Presentation: February 5, 2013 Session Number: 12489 cdavis@quickref.com Planned topics include - 1 of
More informationIBM InfoSphere Guardium S-TAP for DB2 on z/os User's Guide. Version9Release1
IBM InfoSphere Guardium S-TAP for DB2 on z/os User's Guide Version9Release1 ii IBM InfoSphere Guardium S-TAP for DB2 on z/os User's Guide Contents Chapter 1. InfoSphere Guardium S-TAP for DB2 on z/os overview.......
More informationChallenges and Issues for RACF Systems
Payment Card Industry (PCI) Challenges and Issues for RACF Systems Jim Yurek Vanguard Integrity Professionals February 28, 2011 Session Number 8507 The Problem: Credit Card Breaches As long as we have
More informationCA Disk Backup and Restore CA RS 1602 Service List
CA Disk Backup and Restore 12.5 1 CA RS 1602 Service List Description Type 12.5 RO85979 ADD LIBRARY TO LLA FOR DC650 UPDATES PTF RO86373 CREATE ENQ/DEQ HOOK FOR DMSAR PTF RO86766 ADD DSN TO MESSAGE 4106
More informationIBM Education Assistance for z/os V2R1
IBM Education Assistance for z/os V2R1 Item: Allow Groups of SPM Rules Element/Component: WLM/SRM Material is current as of March 2013 IBM Presentation Template Full Version Agenda Trademarks Presentation
More informationSecurity zsecure Audit for ACF2 Version Getting Started IBM GI
Security zsecure Audit for ACF2 Version 2.2.0 Getting Started IBM GI13-2325-02 Security zsecure Audit for ACF2 Version 2.2.0 Getting Started IBM GI13-2325-02 Note Before using this information and the
More informationDecision Manager Help. Version 7.1.7
Version 7.1.7 This document describes products and services of Pegasystems Inc. It may contain trade secrets and proprietary information. The document and product are protected by copyright and distributed
More informationVersion 2 Release 3. IBM IMS Configuration Manager for z/os User's Guide IBM SC
Version 2 Release 3 IBM IMS Configuration Manager for z/os User's Guide IBM SC27-8789-00 Version 2 Release 3 IBM IMS Configuration Manager for z/os User's Guide IBM SC27-8789-00 Note: Before using this
More informationRUNC Easy Commands for the ISPF Edit User
RUNC Easy Commands for the ISPF Edit User By Lionel B. Dyck Table of Contents Change History... 3 Introduction... 4 What is RUNC?... 4 What benefit does RUNC provide?... 4 RUNC... 5 RUNC Command Syntax...
More informationIBM Tivoli Advanced Reporting for DFSMShsm. User s Guide. Version 1 Release 1 SC
IBM Tivoli Advanced Reporting for DFSMShsm User s Guide Version 1 Release 1 SC23-6331-00 Note Before using this information and the products it supports, read the information in Appendix B, on page 319.
More informationWorkflow Manager Endevor Attachment
Workflow Manager Endevor Attachment Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http:www.microfocus.com Copyright Micro Focus. All rights reserved. MICRO FOCUS, the Micro Focus
More informationIBM Education Assistance for z/os V2R2
IBM Education Assistance for z/os V2R2 Line item: SMF persistent data & REXX GTZQUERY Element/Component: BCP Generic Tracker Material current as of May 2015 IBM Presentation Template Full Version Agenda
More informationz/osmf V2.1 Implementation and Configuration
z/osmf V2.1 Implementation and Configuration z/osmf V2.1 became available on 30 September 2013. Greg Daynes z/os Installation and Deployment Architect Session zos011 Agenda Overview of z/os Management
More informationWHAT S NEW WITH OBSERVEIT: INSIDER THREAT MANAGEMENT VERSION 6.5
WHAT S NEW WITH OBSERVEIT: INSIDER THREAT MANAGEMENT VERSION 6.5 ObserveIT s award-winning insider threat management software combines user monitoring, behavioral analytics, and now policy enforcement
More informationz/os PARMLIB Successful Practices - User Experience
z/os PARMLIB Successful Practices - User Experience Session 10648 Thursday, March 15, 2012 Thomas Conley Pinnacle Consulting Group, Inc. 59 Applewood Drive Rochester, NY 14612-3501 P: (585)720-0012 F:
More informationIBM Security Identity Manager Version Administration Topics
IBM Security Identity Manager Version 6.0.0.5 Administration Topics IBM Security Identity Manager Version 6.0.0.5 Administration Topics ii IBM Security Identity Manager Version 6.0.0.5: Administration
More informationXton Access Manager GETTING STARTED GUIDE
Xton Access Manager GETTING STARTED GUIDE XTON TECHNOLOGIES, LLC PHILADELPHIA Copyright 2017. Xton Technologies LLC. Contents Introduction... 2 Technical Support... 2 What is Xton Access Manager?... 3
More informationSecure Access Manager (SAM) Administrator Guide December 2017
Secure Access Manager (SAM) Administrator Guide December 2017 Copyright 2017 Exostar, LLC All rights reserved. 1 SECURE ACCESS MANAGER (SAM) OVERVIEW... 4 ADMINISTRATIVE ROLES OVERVIEW... 4 SAM NAVIGATIONAL
More information