HG65: How to Audit z/OS with USS, TCP/IP, FTP, and the Internet
- April 8-10, 2013 in Bethesda, MD
Please click: Here for Registration Form
For more information on seminar dates, locations, and hotels, and how to register, please click here:
Schedule/Registration/Locations/Hotels for IS Audit Training
This class is a logical follow-on to "HG64: How to Audit MVS, RACF, ACF2, CICS, and DB2 Security". Mainframe Data Security Officers will benefit from this class, as well as IT auditors.
Now that most mainframe installations have connected at least one mainframe to the Internet, auditors and security staff need to address the effect this has on mainframe security. IBM has made these Internet connections possible by adding several layers of software to the MVS operating system:
- USS or UNIX System Services:
This is UNIX running under the control of MVS and the security software. It interfaces with RACF, ACF2, or TopSecret to make this perhaps the most secure UNIX commonly available.
the communication protocol of the Internet, and of most types of computers. This makes it possible for the mainframe to communicate with the Internet, with Windows, with other UNIXes, with Novell, and with other platforms easily. On the mainframe, you will often find DB2, MQ Series, CICS, and other system software talking to other computers using TCP/IP. Of course, to provide effective security, we need to control every path into the system. The number of paths is greater now because we use TCP/IP. The security mechanisms we use combine the best of RACF/ACF2/TopSecret with the best of TCP/IP native security. The quality of the security depends upon how well we implement and integrate these mechanisms.
- FTP or File Transfer Protocol
TCP/IP always includes a series of programs or daemons, each dedicated to a specific purpose. One of the best known of these is FTP, which lets you upload and download files over the Internet. On the mainframe, FTP can upload and download MVS files as well as USS (UNIX) files. FTP can also serve as an RJE remote and it can talk to DB2.
- The Websphere Web Server or httpd daemon
(another of TCP/IP's daemons) is software that talks over the Internet to Internet Explorer and other browsers on people's personal computers. (It is comparable to Apache or IIS, but is much more secure.) This is often the driving force behind connecting the mainframe to the Internet, since it supports e-business.
Each of these layers has its own security, which is dependent on the security of the layers below it. IBM gives us the tools to secure this all thoroughly, but the tools are often not thoroughly implemented. Effective auditors can help to close the security gap by identifying the risks and making practical recommendations to improve the way the tools are implemented.
This class shows you how the software in each of these layers works, how its security works, and how to audit it. Time permitting, the class covers some of the other software such as CICS, DB2, and MQ Series. For all of these, you will learn a systematic approach to evaluate the risk, to evaluate the security tools in place, and to make practical recommendations to improve security.
HG65: You will learn:
- How USS works how its security works
- How TCP/IP works and how its security works
- How FTP works and how its security works on the mainframe
- How the Websphere web server works and how its security works
- What data to collect and how to interpret it
- How to conduct the audit efficiently and effectively
The workbook is a valuable reference.
Who Should Attend HG65?
- Information Techology auditors who will be auditing z/OS systems, especially those who have taken HG64 or have similar experience
- Mainframe Data Security Officers who want to learn how to secure their Internet connections
Table of contents and Class Outline: HG65: How to Audit z/OS with USS, TCP/IP, FTP, and the Internet I Concepts and Keywords A. Introduction A Working Example Audit Rules B. How Mainframe/Internet Connections Work Considerations When Evaluating Controls for Q1 Considerations When Evaluating Controls for Q2 C. The NETSTAT Command to Learn What’s Going On D. How the Security Works for the Internet E. Recent Mainframe Security Enhancements from IBM F. Control Objectives G. The Audit Program II. Action Plan A. Scoping, Planning and Basic Data Gathering B. USS (UNIX System Services) Security B1. How USS Security Works B2. How to Audit USS Security Checklist for USS ACL Security chaudit chmod chown find getfacl grep ln lp ls Checklist for USS File Security Checklist for USS Security Delegation Checklist for USS Resource Security Checklist for USS Auditing C. TCP/IP Security C1. How TCP/IP Security Works C2. How to Audit TCP/IP Security D. FTP (File Transfer Protocol) Including Trivial FTP D1. How FTP Security Works D2. How to Audit FTP Security E. telnet E1. How telnet Security Works E2. How to Audit telnet Security F. Websphere httpd Web Server F1. How Websphere httpd Security Works F2. How to Audit Websphere Security G. CICS (Customer Inventory Control System) G1. How CICS Internet Security Works G2. How to Audit CICS Security CICS REFERENCE: DFHSIT Security Operands H. DB2 Internet Security H1. How DB2 Internet Security Works H2. How to Audit DB2 Security I. MQ Series I1. How MQ Series Internet Security Works I2. How to Audit MQ Series Security J. Policy Agent J1. How Policy Agent Works J2. How to Audit Policy Agent K. Wrap-up, Working Papers, and Follow-Up III Forms and Reference A. Basic Security Model B. Forms to Document Software Layers and Security Options C. How Firewalls Work D. Model Documents E. The True History of the Internet F. Digital Certificate Security Details G. DB2 AUTHORIZATION TABLES
Please note that these seminars are available for In-House Sessions.
You can save more money by learning about our seminar Discounts
Return to Top of Page Return to Home Page
Stu Henderson offers consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet" as well as "How to Audit UNIX and Windows Security" and "How to Audit TCP/IP Security".
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com