RACF (part of OS/390 Security Server) is a trademark of IBM. This newsletter is not affiliated with IBM in any way.
Upstate New York RACF Users Group
If you want to join (or help support), contact Michael Aliperti at (518) 457-4373 or at firstname.lastname@example.org.
New PTF for RACF 2.8 with UNIX This PTF (UW67685) gives a warning message any time you give a UID to a userid when the userid's default group doesn't have a GID. This is good help from IBM. (Thanks once more to George Fogg.)
Tampa RUG Re-Starting If you want to participate or help out, call Jim Cuddy at (727) 299-4233.
Vanguard Product Users Conference will be held in Boston, October 15-17. Contact them at www.go2vanguard.com for more info.
To Get a Free Subscription to this Newsletter Phone Stu at (301) 229-7187 with your request, leaving your name, postal address, and phone. For back issues, check his website: www.stuhenderson.com
NEW YORK RUG Meeting Dates Thursday, October 19, 2000 from 1 to 5 PM with a pre-meeting lunch from noon to 1PM, sponsored by VIP. Mark your calendars now. See inside for details. See also "NYRUG and BWRUG Switch to Three Meetings a Year" and "New Day of Week..." on page 3. Details on page 5.
BALTIMORE/WASHINGTON RUG Meeting Dates Friday, October 20, 2000 from 9AM to noon, with a post-meeting lunch from noon to 1PM, sponsored by VIP. Mark your calendars now. See inside for details. See also "NYRUG and BWRUG Switch to Three Meetings a Year" and "New Day of Week..." on page 3. Details on page 5. -------------------------------------------
Chicago RUG Meets End of September Contact email@example.com for info or to join.
SESAP Going Strong in North Florida SESAP is Southeastern Security and Audit Professionals. Next meeting is October 6 at 9:15 at Crowley Maritime in Jacksonville. Contact Gena Star at (904) 854-3128.
BWRUG Planning Daylong Tech Training Meeting Let us know what speakers and topics you would like to hear. GEICO Direct has offered to sponsor the meeting. Current plans are to have a minimal charge to cover lunch. Call Stu Henderson at (301) 229- 7187 for more info, or to volunteer a speaker or topic.
RACF 2.10 New Features Include:
You will need to work with your sysprog to phase in this change in three stages, using the utility IRRIRA00 (IRA is Internal Reorganization of Aliases). Be especially careful to follow IBM's suggestions for this if you are sharing a RACF database between several CPUs or LPARs if some of them are on release 2.10 and others aren't. Pay careful attention to IBM's advice if you use RRSF. Once you have finished this conversion, you can stop using these resource classes: UNIXMAP [for UNIX System Services], NOTELINK [for Lotus Notes], and NDSLINK [for Novell Directory Services]. This will reduce space requirements for the RACF database. Other reverse mapping classes such as DCEUUIDS will not be affected.
NYRUG and BWRUG Switch to Three Meetings a Year Both these RACF user groups will meet in January, April, and October, with no meetings scheduled during the summer vacation months. Note also the change in days of the week (next item). This newsletter will also be switching to three issues per year.
New Day of Week for NYRUG and BWRUG The NYRUG and BWRUG have declared an eighth day of the week, Passday, which falls between Sunday and Monday. (Just kidding!) Actually, the NYRUG has been meeting on a Wednesday, the BWRUG on the following Thursday. In January, we will probably change this to Tuesday for the NYRUG, with the BWRUG on the preceding Monday. Please send comments and questions to Stu at (301) 229-7187.
How to Deal with E-Mail Viruses Since many of these viruses attack by sending copies of themselves to everyone in your adddress book, try this: Set the options on your email software to not send out-going email automatically. Then at the end of each e-mail session, browse the outbound queue to verify that there are no unexpected messages. Click the option to send outbound messages only after reviewing the queue.
Question and Answer
Q) I keep seeing in my SMF records terminal ids which I know haven't been defined by my system. What's going on?
A) TCP/IP makes up his own terminal ids from IP addresses. IP addresses are the ones made up of four numbers separated by dots, for example 126.96.36.199. TCP/IP takes each of the four numbers and converts it to hex (for example 188.8.131.52 in hex would be C6.20.0F.FE). It then takes out the dots to get the terminal id (in our example the terminal id would be C6200FFE). You can make rules in the TERMINAL resource class, for example
RDEF TERMINAL C6200FFE UACC(...
Jim Bradley of Bank United Wins Golf Shirt for correctly specifying the purpose for the FACILITY class rule named BPX.WLMSERVER. This rule controls Work Load Manager functions. Congratulations, Jim.
Another Useful Rule of Thumb from IBM for RACF Don't give SPECIAL userids an OMVS segment.
IBM Security Conference Oct. 2-6, 2000, Orlando, FL For more details, call (800) 426-8322 or see: www.ibm.com/services/learning
Fifteen Minute Project to Improve Your RACF Prevent abuse of started task and other userids by making them PROTECTED. Make them so (once you are on RACF 2.8 or later) by issuing this command:
ALU userid NOPASSWORD NOOIDCARD
This will it impossible for a hacker to get them revoked by entering too many invalid passwords in a row. It will also prevent them from being used in any situation which requires a password (for example, they can't be used to log onto CICS or TSO.). You want to do this for the following types of userids:
NYRUG (New York RACF Users Group) and BWRUG (Baltimore/ Washington RUG) NEWS
NYRUG: At Our Next Meeting
Our next meeting will be hosted by Vanguard Integrity Professionals, which is also providing members with a free, pre-meeting lunch and product demonstration, as well as providing our mid-meeting break refreshments. Vanguard's product presentation precedes and is completely separate from our regular meeting. The product presentation will describe QS/390 and other VIP products. Vanguard will again hold a drawing for a free Palm Pilot at the regular meeting. Our speaker will be: Phil Emrich of VIP on RACF and CICS. Phil will describe the new security facilities recently added to CICS Transaction Server for OS/390. He will also explain Security for CICS and the Web. As always, we will have a question and answer session with some of the keenest RACF minds in the State to answer questions.
Time: Thursday, October 19, 2000. The lunch and product presentation will begin at noon. The regular meeting starts at 1PM until it's too late to go back to the office.
Place: The New York Marriott Marquis, 1535 Broadway [between 45th and 46th Streets, at 7th Avenue and Times Square] in the Marquis Room
BWRUG (Baltimore/Washington RUG):
Our next meeting will be hosted by Vanguard Integrity Professionals, which is also providing members with a free, post-meeting lunch and product demonstration, as well as providing our mid-meeting break refreshments. Vanguard's product presentation follows and is completely separate from our regular meeting. The product presentation will describe QS/390 and other VIP products. Vanguard will again hold a drawing for a free Palm Pilot at the regular meeting. At the regular meeting, our speaker will be Phil Emrich of Vanguard on "RACF Security for MQ Series on OS/390". As always, we will have a question and answer session with some of the keenest RACF minds in the Capital area to answer questions
Time: Friday, October 20, 2000. The regular meeting will be from 9AM to noon, and the free lunch and product demo will be from noon to 1PM. Vanguard will provide a continental breakfast starting at 8:45AM. Place: Marriott Residence Inn at 7335 Wisconsin Ave in Bethesda, MD, phone (301) 718-0200. This is at the Bethesda stop of the RED LINE of the Metro (which goes quickly to Union Station for MARC and Amtrak riders). By car: Take the beltway I495 to Exit 34 (Wisconsin Ave.) This is NW of DC, near where I270 joins I495. Take Wisconsin Ave South (aka Route 355 South) about 2.5 miles. Watch for the Hyatt/Bethesda Metro on the right. Just past the Hyatt, take the next left onto Montgomery Avenue. Go one block and take the first right onto Waverly Avenue. Waverly wraps around to the front of the hotel where there is valet parking.
Wherever You Live or Work:
Why not see if your organization can host a meeting for your local RUG?
Permanently Interesting Products Column
We have not evaluated these, but think every RACF shop should know about them.
HG RACF and Security Training Schedule (Includes 2001 Dates):
The Henderson Group offers its RACF and computer security/audit seminars around the country and on-site too. See the details below or call (301) 229-7187 for a free seminar catalog. To see what students say about these classes, please go to www.stuhenderson.com . 1) HG04 Effective RACF Administration (formerly called How to Implement and Administer RACF Effectively) ($1695 in 2000, $1795 in 2001) (REVISED) Oct. 23-27, 2000 in New York City Dec. 4-8, 2000 in Bethesda, MD (near Washington, DC) Feb. 19-23, 2001 in Clearwater, FL May 7-11, 2001 in Atlanta, GA Sept.10-14, 2001 in New York City Nov. 5-9, 2001 in Clearwater, FL 2) HG05 Advanced RACF Administration ($1185) Oct. 4-6, 2000 in Bethesda, MD (near Washington, DC) Mar. 28-30, 2001 in Clearwater, FL Oct. 17-19, 2001 in Atlanta, GA 3) HG17 How to Be an Effective OS/390 (MVS) Data Security Officer) (covers CICS, VTAM, DB2, JES, and other security along with MVS security, SAF, and OS/390) ($1190) Nov. 8-10, 2000 in Bethesda, MD (near Washington, DC) Feb. 14-16, 2001 in Clearwater, FL May 16-18, 2001 in Atlanta, GA Sept. 5-7, 2001 in New York City 4) HG40 Mastering Windows 2000 (NT) Security (Windows 2000 is the new name for Windows NT Release 5, or NT5; this class covers NT4 security as well as Windows 2000 security) ($1195) Sept. 27-29, 2000 in Bethesda, MD (near Washington, DC) Apl. 25-27, 2001 in Bethesda, MD (near Washington, DC) Sept. 19-21, 2001 in New York City
RACF User Services (Newsletter Subscriptions / Key Phone Numbers / Addresses)
RACF List Server on the Internet
To join, send E-mail to the administrator for the server. (Don't send it to the server itself or your request will be routed to every subscriber.) For example, if your name is John Smith and you want to subscribe, then send this E-mail:
subscribe racf-l john smith
to the address: firstname.lastname@example.org
The reply will include directions on how to get info such as a list of all subscribers, an index to previous comments, and a command summary.
Other Internet places:
Copyright ©: 2000, Stuart C. Henderson
Revised - Sept. 11, 2000