Franklin

IBM Mainframe Security : Beyond the Basics-A Practical Guide from a z/OS and RACF Perspective.

Author/Creator:
Dattani, Dinesh D.
Publication:
Ketchum : MC Press, 2013.
Format/Description:
Book
1 online resource (225 pages)
Status/Location:
Loading...

Options
Location Notes Your Loan Policy

Details

Other records:
Subjects:
Regime change -- Latin America.
Latin America -- Politics and government -- 1980-.
Latin America -- Economic policy.
Form/Genre:
Electronic books.
Summary:
Rather than rehashing basic information-such as command syntax-already available in other publications, this book focuses on important security and audit issues, business best practices, and compliance, discussing the important issues in IBM mainframe security. Mainframes are the backbone of most large IT organizations; security cannot be left to chance. With very little training available to the younger crowd, and older, more experienced personnel retiring or close to retiring, there is a need in mainframe security skills at the senior level. Based on real-life experiences, issues, and solutions to mainframe security from the author's three decades of practical experience as a mainframe security practitioner, this book fulfills that need.
Contents:
Front Cover
Title Page
Copyright
Dedication
Acknowledgments
About The Author
Contents
Introduction
Part One: Securing Business Data
Chapter 1: How the Mainframe Provides Sec urity
How RACF Does Access Checking
The RACF Access Checking Diagram
Chapter 2: RACF Special Privileges
Logging Special Privilege Activities
Mitigating the Risk of Special Privileges
Alternatives to the OPERATIONS Privilege
Summary
Chapter 3: The Data Security Monitor (DSMON)
How to Produce DSMON Reports
Understanding DSMON Reports
Summary
Chapter 4: Security Event Logging and Auditing
Auditing User Activity
Auditing Resources at the Profile Level
Using the GLOBALAUDIT Operand
Auditing Resources at the Class Level
Auditing Users with Special Privileges
Auditing Profile Changes
Auditing Failures to RACF Commands
RACF Automatic Loggings
The Importance of Security Log Retention
Summary
Chapter 5: The Global Access Checking (GAC) Table
The Benefits of GAC
The Security Concerns of GAC
Implementing GAC
Mitigating the Security Risks of GAC
The Benefits of GAC Mirror Profiles
Good Candidates for GAC Processing
Summary
Chapter 6: Understanding the FACILITY Class
Storage Administration Profiles
z/OS UNIX Profiles
RACF Profiles
Other Profiles
Security Administration of FACILITY Class Profiles
The FACILITY Class's Documentation
Third-Party Vendor Products
In-House Developed Products
FACILITY Class Profiles: A Word of Caution
Chapter 7: The Benefits of the SEARCH Command
Creating RACF Commands
Cleaning Up the RACF Database
Listing Profiles, User IDs, and Groups
Revoking User IDs
Finding Duplicate UIDs and GIDs
Searching a User's Access to Profiles
Finding Discrete Profiles
Summary.
Chapter 8: WARNING Mode and Its Implications
The Proper Use of WARNING Mode
The Incorrect Use of WARNING Mode
Finding All Profiles in WARNING Mode
Make Sure WARNING Mode Is Justified
Remove WARNING Mode Where Inappropriate
Summary
Chapter 9: Understanding z/OS UNIX Security
How z/OS UNIX Security Works
Planning For z/OS UNIX Security
Unique UIDs and GIDs Recommended
The SUPERUSER Privilege
Auditing z/OS UNIX
Implementing z/OS UNIX Controls
FACILITY Class Considerations
UNIXPRIV Class Considerations
Other z/OS UNIX Conside rations
Chapter 10: The Benefits of RACF Commands in Batch Mode
Capturing the Results of RACF Commands
Automating a Process
Performing an Action Repeatedly
Entering Groups of RACF Commands
When Batch Mode Is the Only Method
Summary
Chapter 11: Security Administration: Beyond the Basics
Doing It Right the First Time
Being Inquisitive
Understanding RACF User Profile Segments
What Is a RACF Discrete Profile?
What Are Undefined RACF User IDs?
Universal Access (UACC) Considerations
The Restricted Attribute
Disaster Recovery Considerations
What Are RACF "Grouping Classes"?
What Is RACF "Undercutting"?
What Is A RACF "Back-Stop" Profile?
Why User IDs Must Not Be Shared
Granting Temporary Access to Resources
Creating "Fully-Qualified" Generic Profiles
Specifying Strong Passwords
RACF Global Options
Summary
Part Two: Securing the z/OS Operating System
Chapter 12: APF-Authorized Libraries
What Is the Risk?
Finding APF-Authorized Libraries
How Do You Mitigate This Risk?
Summary
Chapter 13: The System Management Facility (SMF)
What Is the Risk?
How Do You Mitigate This Risk?
Summary
Chapter 14: Operating System Data Sets
System Parameter Libraries
System Catalogs.
Assorted Operating System Data Sets
Summary
Chapter 15: RACF Databases
What Is The Risk?
How Do You Mitigate This Risk?
Summary
Chapter 16: RACF Exits
What Is the Risk?
How Do You Mitigate This Risk?
Summary
Chapter 17: System Exits
What Is the Risk?
How Do You Mitigate This Risk?
Summary
Chapter 18: Started Procedures
What Is the Risk?
How Do You Mitigate This Risk?
Summary
Chapter 19: Tape Bypass Label Processing (BLP)
What Is the Risk?
How Do You Mitigate This Risk?
Summary
Chapter 20: The SYS1.UADS Data Set
A Brief History of SYS1.UADS
How SYS1.UADS Works With RACF
Keeping SYS1.UADS Current
Summary
Chapter 21: The System Display and Search Facility (SDSF)
What Is the Risk?
How Do You Mitigate This Risk?
Chapter 22: The Program Properties Table (PPT)
What Is the Risk?
How Do You Mitigate This Risk?
Chapter 23: Special-Use Programs
What Is the Risk?
How Do You Mitigate This Risk?
Part Three: Security Infrastructure Matters
Chapter 24: Application and Batch ID Security
Segregate Production from Non-Production
Batch IDs Must Not Share Application Data
Production JCL Must Not Refer To Personal Data Sets
Be Careful About SURROGAT Class Access
Restrict Direct Update Access to Production Data
Chapter 25: Security Architecture
Internal Vs. External Security
The Benefits of External (RACF) Security
Centralized Security or Decentralized Security?
Chapter 26: The RACF Unload Database
How It Was Done Before
Creating the RACF Unload Database
The Benefits of the RACF Unload Database
The Uses Of The RACF Unload Database
Getting Quick Answers Using TSO
Summary
Chapter 27: Increasing Your Productivity
Use REXX and CLISTs
Learn More About ISPF Edit Capabilities
Join Online User Groups.
Find a Mentor
Use RACF Help Functions
Use Online Manuals
Get Free Utilities
Subscribe to Vendor Publications
Use Native RACF Commands
Learn DFSORT
Summary
Chapter 28: Security Compliance
Chapter 29: Security Best Practices
Implement Role-Based Security
Periodically De-Clutter Your Security Database
Handle Employee Transfers and Terminations As They Occur
Identify Your Important Data
Assign Ownership to All Data
Keep All Security Within RACF
Log Accesses to Important Data
Conduct Periodic Reviews of All Access Rights
Implement Change Management for Production JCL
Report and Monitor Security Activities
Implement Segregation of Duties
Require Approval Before Granting Access
Summary
Chapter 30: Security Add-On Products
The Benefits Of RACF Add-On Products
Simplified Security Administration
Security Monitoring
Password Resets
Security Reporting
Security Compliance and Enforcement
Summary
Epilogue
Index.
Notes:
Description based on publisher supplied metadata and other sources.
Other format:
Print version: Dattani, Dinesh D. IBM Mainframe Security
ISBN:
9781583478318
9781583478288
OCLC:
861478631