For more information on seminar dates, locations, and hotels, and how to
register, please click here:
This class is a logical follow-on to
"HG64: How to Audit MVS, RACF, ACF2, CICS, and DB2 Security". Mainframe Data Security Officers will benefit from this class, as well as IT auditors.
Now that most mainframe installations have connected at least one mainframe to the Internet, auditors and security staff need to address the
effect this has on mainframe security. IBM has made these Internet
connections possible by adding several layers of software to the MVS operating system:
- USS or UNIX System Services: This is UNIX running under the control of MVS and the security software. It interfaces with RACF, ACF2, or TopSecret to make this perhaps the most secure UNIX commonly available.
- TCP/IP: The communication protocol of the Internet, and of most types of computers. This makes it possible for the mainframe to communicate with the Internet, with Windows, with other UNIXes, with Novell, and with other platforms easily. On the mainframe, you will often find DB2, MQ Series, CICS, and other system software talking to other computers using TCP/IP. Of course, to provide effective security, we need to control every path into the system. The number of paths is greater now because we use TCP/IP. The security mechanisms we use combine the best of RACF/ACF2/TopSecret with the best of TCP/IP native security. The quality of the security depends upon how well we implement and integrate these mechanisms.
- FTP or File Transfer Protocol: TCP/IP always includes a series of programs or daemons, each dedicated to a specific purpose. One of the best known of these is FTP, which lets you upload and download files over the Internet. On the mainframe, FTP can upload and download MVS files as well as USS (UNIX) files. FTP can also serve as an RJE remote and it can talk to DB2.
- The Websphere Web Server or httpd daemon (another of TCP/IP's daemons) is software that talks over the Internet to Internet Explorer and other browsers on people's personal computers. (It is comparable to Apache or IIS, but is much more secure.) This is often the driving force behind connecting the mainframe to the Internet, since it supports e-business.
Each of these layers has its own security, which is dependent on the security of the layers below it.
IBM gives us the tools to secure this all thoroughly, but the tools are often not thoroughly
implemented. Effective auditors can help to close the security gap by identifying the risks and
making practical recommendations to improve the way the tools are implemented.
(Other programs sitting on top of MVS use TCP/IP to talk over the Internet, including CICS, DB2, and
MQ Series.)
This class shows you how the software in each of these layers works, how its security
works, and how to audit it. Time permitting, the class covers some of the other software such as CICS, DB2, and MQ Series.
For all of these, you will learn a systematic approach to evaluate the risk, to evaluate the security
tools in place, and to make practical recommendations to improve security.
You will learn:
- How USS works and how its security works
- How TCP/IP works and how its security works
- How FTP works and how its security works on the mainframe
- How the Websphere web server works and how its security works
- What data to collect and how to interpret it
- How to conduct the audit efficiently and effectively
The workbook is a valuable reference.
Who Should Attend HG65?
- Information Technology auditors who will be auditing z/OS systems, especially those who
have taken HG64 or have similar experience
- Mainframe Data Security Officers who want to learn how to secure their Internet connections
Please note that you can save money by holding these classes in-house. Call
Stu at (301) 229-7187 for details.
Note also the classes we offer for Information Security Training, as
listed on the left under QUICK LINKS.
Class Outline
Table of contents and Class Outline: HG65: How to Audit z/OS with
USS, TCP/IP, FTP, and the Internet
I. Concepts and Keywords
A. Introduction
A Working Example
Audit Rules
B. How Mainframe/Internet Connections Work
Considerations When Evaluating Controls for Q1
Considerations When Evaluating Controls for Q2
C. The NETSTAT Command to Learn What’s Going On
D. How the Security Works for the Internet
E. Recent Mainframe Security Enhancements from IBM
F. Control Objectives
G. The Audit Program
II. Action Plan
A. Scoping, Planning and Basic Data Gathering
B. USS (UNIX System Services) Security
B1. How USS Security Works
B2. How to Audit USS Security
Checklist for USS ACL Security
chaudit
chmod
chown
find
getfacl
grep
ln
lp
ls
Checklist for USS File Security
Checklist for USS Security Delegation
Checklist for USS Resource Security
Checklist for USS Auditing
C. TCP/IP Security
C1. How TCP/IP Security Works
C2. How to Audit TCP/IP Security
D. FTP (File Transfer Protocol) Including Trivial FTP
D1. How FTP Security Works
D2. How to Audit FTP Security
E. telnet
E1. How telnet Security Works
E2. How to Audit telnet Security
F. Websphere httpd Web Server
F1. How Websphere httpd Security Works
F2. How to Audit Websphere Security
G. CICS (Customer Inventory Control System)
G1. How CICS Internet Security Works
G2. How to Audit CICS Security
CICS REFERENCE: DFHSIT Security Operands
H. DB2 Internet Security
H1. How DB2 Internet Security Works
H2. How to Audit DB2 Security
I. MQ Series
I1. How MQ Series Internet Security Works
I2. How to Audit MQ Series Security
J. Policy Agent
J1. How Policy Agent Works
J2. How to Audit Policy Agent
K. Wrap-up, Working Papers, and Follow-Up
III. Forms and Reference
A. Basic Security Model
B. Forms to Document Software Layers and Security Options
C. How Firewalls Work
D. Model Documents
E. The True History of the Internet
F. Digital Certificate Security Details
G. DB2 AUTHORIZATION TABLES
Stu Henderson offers consulting, seminars, articles, and other information sharing related to information security and auditing. His consulting includes: security reviews, risk assessments, RACF implementation assistance, and Information Technology audit technical counseling.
His most popular seminars provide: RACF training, mainframe audit training including MVS and z/OS audit training. His RACF seminars include: "Effective RACF Administration", "Advanced RACF Administration", and "UNIX (USS) for RACF Administrators".
His audit seminars include: "How to Audit MVS, RACF, ACF2, TopSecret, CICS, DB2, and MQ Series Security" and the follow-on "How to Audit z/OS with USS, TCP/IP, FTP, and the Internet"
Information on class location and schedules, as well as articles, links and other useful information sharing may be found on his website at www.stuhenderson.com