RACF is a trademark of IBM. This newsletter is not affiliated with IBM in any way.
Winner of the PROGRAM Golf Shirt Announced
The winning entry for most interesting list of programs to be protected in the PROGRAM class is Hayim Sokolsky. His list:
GARUG Has Great OnLine Newsletter
GARUG, the Georgia RUG, has not only a great web site (see page 8 for URL). They also have a great newsletter, which is published on the Internet. To subscribe. contact Nancy Geiger at email@example.com or at (770) 534-6409. (You will need Acrobat Reader software, which is available for free, to read this newsletter.)
NEW YORK RUG Meeting Dates
On Wednesdays, from 1 to 5 PM:
October 21, 1998 (revised), and then January 13, 1999, and then April 14, 1999. Mark your calendars now. See inside for details.
BALTIMORE/WASHINGTON RUG Meeting Dates
On Thurdays, from 9AM to Noon:
October 22, 1998 (revised) and then January 14, 1999, and then April 15, 1999. Mark your calendars now. See inside for details.
Computer Security Policy Sharing Library to Change Hands
Denise Saylor of Lukens Steel has for many years maintained this sharing library. Many of us have benefitted from seeing what other people have in their policies. (And of course, have contributed to the library when their own policies were made final.) Denise has moved on to better opportunities in her company and will no longer be able to maintain the library. If you would like to be the official NYRUG Policy Sharing Library Coordinator, let Stu know. You will be contributing to the entire community. (You also get all the rights and privileges pertaining thereto, including having your name in this newsletter.) Denise, thanks for years of unselfish sharing. Good luck in your new position. We will miss you.
RACF Software Industry Re-Structures
We have recently seen several changes in the companies which sell software to support RACF reporting and admininistration. These include: an acquisition, a transfer, several new companies, and (as described in the next article) new, free software from IBM. Our head is spinning from all the changes, so if we left someone out (or didn't get the right updates to the Interesting Products columns), please let us know. (Please check the Interesting Products columns for contact information.)
Vanguard has acquired Sysdata, including the RACF software tool RIOVISION, also known as "RACF with a mouse".
RA-2 is now sold and supported by SEA in Long Island. (It used to be sold by ASPG, which still has a fine line of non-RACF tools).
New companies offering tools for RACF administration support include: Beta Systems, which offers Beta-88.
Another new offering is Megasolve, from Megasolve.
Yet a third offering is R-to-R, from Open Software Technologies.
We have has many requests for recommendations or comparisons of these products. However, we don't see any practical method to do this, given the number of products and the speed with which they all sprout new features.
We make the following recommendations for deciding on a product:
A reliable source at Goldman Sachs denies the rumor that the HRUG (Harrisburg RACF Users Group) is about to undergo an IPO (Initial Public Offering). "Perhaps you misunderstood someone coughing," she commented.
IBM Offers New, Free Tools to Ease RACF Administration
You will want to learn about these tools from IBM, available over the Internet (http://www.s390.ibm.com/racf/):
More on LDAP
When IBM re-packaged RACF by putting it into a product called "OS/390 Security Server", they added a several free add-ons, including the Firewall software. The most recent of these is an LDAP, or Lightweight Directory Access Protocol, server. Here's how it works:
Think of all the times you have had to take information about a user from one source and incorporate it into another file: UADS into RACF, DB2 into RACF, CICS into RACF, people's phone numbers and departments, salary information, home addresses, and on and on and on. How would you like a single database with all the information you wanted to store about people, with the ability to add new fields to the records, with good read and write security over each field, and available to any program which needed the information? This is LDAP, a standard which is associated not with any vendor, but with the people who are figuring out how to integrate different computers from all vendors into a smoothly flowing client-server configuration.
LDAP uses a directory, which is a database designed to support more reads than updates. It is designed to hold lots of different types of information about people. It can be called from almost any program. It is designed so that if a given directory doesn't have the information you need, it can ask other directories on other computers for the information.
LDAP is a stripped-down, ("lightweight") version of the X500 protocol blessed by standards organizations like ISO and ANSI. You will see it in the next release of Windows NT (NT 5). You can already see it in Novell Netware 4. And now RACF works with it on the mainframe, as part of the OS/390 Security Server.
Interesting Products Column
We have not evaluated these, but think every RACF shop should know about them.
Fifteen Minute Project to Improve Your RACF
Check your GLOBAL table in DSMON to verify that it does what you want without undercutting critical rules. Here are some guidelines:
Questions and Answers
You can limit this exposure by specifying a userid via the DFLTUSER parameter that has minimal authority to CICS transactions. It makes sense to have a uniquely defined userid as the default user for each CICS production region, and to give these userids minimal authority.
See If You Can Guess Where IBM Thinks the World Is Headed Based on This Partial List of Planned Features for OS/390 Version 2 Release 6:
If you add in LDAP (see above), and the free firewall you get with RACF, you would think that IBM is pursuing a strategy of linking the mainframe to everything else, with RACF doing a major part of the security.
NYRUG (New York RACF Users Group) and BWRUG (Baltimore/ Washington RUG) NEWS
NYRUG: At Our Next Meeting
This is our best slate of speakers in a long time: Walt Farrell of IBM's RACF development team will speak to us on "The Future of Information Security" They say that no one has thought longer, deeper, nor more thoroughly about RACF than Walt Farrell. They call him the "Pope of RACF". Kurt Meiser of ITSS, the author of the RACF password cracker program and of other nifty software, will speak on RACF Password Quality Considerations, including: unhashing RACF passwords, user experience guessing RACF passwords, and brute force attacks. Both of these speakers have rare knowledge and both know how to present it with humor.
Time: Wednesday, October 21, 1998 from 1PM until it's too late to go back to the office.
Place: Bank of New York, 1 Wall Street, 45th Flr to get to the 47th Floor (not the usual BONY site)
BWRUG (Baltimore/Washington RUG):
Our Next Meeting will be at IBM's luxurious conference facility in their Federal Systems Secure Computing offices in Bethesda, MD. We will have our best slate of speakers in a long time: Walt Farrell of IBM's RACF development team will speak to us on "The Future of Information Security". They say that no one has thought longer, deeper, nor more thoroughly about RACF than Walt Farrell. They call him the "Pope of RACF". Kurt Meiser of ITSS, the author of the RACF password cracker program and of other nifty software, will speak on RACF Password Quality Considerations, including: unhashing RACF passwords, user experience guessing RACF passwords, and brute force attacks. Both of these speakers have rare knowledge which they present with humor.
Time: Thursday, October 22, 1998 at 9:00.
Place: IBM's Bethesda offices NW of Wash., DC, where I270 and I495 come together. Call our host Mike Kearney of IBM at (301) 803-1719 if you need help with directions. From Baltimore, take I95 South to I495, heading West towards Bethesda. Exit from I495 onto I270, towards Rockville. Exit from I270 onto Old Georgetown Road, turning left at the light at the end of the ramp. Go two lights, and turn RIGHT onto Rock Spring Drive. Go one light and turn RIGHT onto Rockledge Drive. Turn LEFT at the second median break, 6710 Rockledge Drive. The parking garage is on your left, and the building is on your right. At the gated garage entrance, push the button and tell the guard you're going to the B/W RUG or RACF meeting. Parking is free. Walk to the 6710 lobby for sign-in.
From Virginia, take I495 North towards Rockville/Bethesda. Exit onto I270, heading towards Rockville/Gaitherburg. Exit from I270 onto Democracy Blvd turning RIGHT at end of the ramp. Go 3 lights and turn LEFT onto Rockledge Drive. Go STRAIGHT through 1st light (Rock Spring Drive), then turn LEFT at the second median break, 6710 Rockledge Drive. The parking garage is on your left, and the building is on your right. At the gated garage entrance, push the button and tell the guard you're going to the B/W RUG or RACF meeting. Parking is free. Walk to the 6710 lobby for sign-in.
From DC, West, take GW Pkwy to 495 and follow Virginia directions above. From DC, East, take New York Avenue to B/W Pkwy to I495 and follow Baltimore directions above.
Permanently Interesting Products Column
We have not evaluated these, but think every RACF shop should know about them.
HG RACF and Security Training 1998 Schedule:
The Henderson Group offers its RACF and computer security/audit seminars around the country and on-site too. See the details below or call (301) 229-7187 for a free seminar catalog.
1) HG04 Effective RACF Administration (formerly called How to Implement and Administer RACF Effectively) ($1695) Nov. 16-20, 1998 in Washington, DC Feb. 22-26, 1999 in Clearwater, FL 2) HG05 (formerly HG44) Advanced RACF Administration ($850) Dec. 10-11, 1998 in Washington, DC 3) HG17 How to Be an Effective OS/390 (MVS) Data Security Officer) (covers CICS, VTAM, DB2, JES, and other security along with MVS security, SAF, and OS/390) (3 days in 1998 for $1150) Dec. 7-9, 1998 in Washington, DC Mar. 1-3, 1999 in Clearwater, FL 4) HG40 Mastering Windows NT Security ($850) Oct. 19-20, 1998 in Washington, DC
RACF User Services (Key Phone Numbers / Addresses)
RACF List Server on the Internet
To join, send E-mail to the administrator for the server. (Don't send it to the server itself or your request will be routed to every subscriber.) For example, if your name is John Smith and you want to subscribe, then send this E-mail:
subscribe racf-l john smith
to the address: LISTSERV@uga.cc.uga.edu or LISTSERV@UGA.BITNET
The reply will include directions on how to get info such as a list of all subscribers, an index to previous comments, and a command summary.
Other Internet places: