RACF, Started Tasks and System Privileges
The z/OS system command START initiates processing for started tasks and z/OS subsystems. Examining the full syntax of the START command shows how the task's job name is determined. Understanding this is essential to understanding how RACF secures the task. (Mar. 2005 eServer Magazine)

PKI for z/OS: Hidden in Plain Sight
Companies leveraging z/OS in their IT environments may be missing out on one of the inadvertently best kept secrets of the OS: the presence of Public Key Infrastructure services housed right on their mainframe, which can provide the function and human interfaces required for lifecycle management of large numbers of digital certificates. (Jul. 2004 TechWorld)

Common Criteria Security Certification
The Common Criteria is an internationally recognized ISO standard used by governments and other organizations to assess the security and assurance of technology products. Common Criteria is based on seven levels of evaluation criteria. The higher the Evaluation Assurance Level (EAL), the higher the level of security assurance you can expect for the certified product. (Apr. 2004 eServer Magazine)

Securing S/390 Operating System Sysplex with RACF
To verify that no Trojan-horse command (granting privileged authority or access) is executed without their knowledge, individuals with the SPECIAL attribute shouldn't use PROCs or subsystems that reference program and list libraries that aren't adequately protected. (Mar. 2004 eServer)

IBM Centralizes Security for the zSeries Mainframe
z/OS 1.5 will work with DB2 for z/OS V8 to provide multi-level security on the zSeries mainframe. Nine machines might be replaced by one zSeries mainframe running z/OS and DB2. z/OS 1.6 is currently in evaluation for Common Criteria certification to the LSPP at EAL3+. z/OS 1.6 will support more than 16 engines in a single image; 64-bit application development support for C/C++; and TCP/IP Sysplex health monitoring to improve TCP/IP availability. (Feb. 2004 Internetnews)

Mainframe's midlife crisis: Security
In addition to conventional users of core CICS or IMS-based transactions, large organizations are shifting applications to the mainframe to save costs and increase performance and reliability. With so much traffic from so many sources -- and new government regulations aimed at consumer privacy and corporate diligence -- it's time for companies to rethink how they secure the mainframe. (Jan. 2004 Computerworld)

SUSE, IBM Score Key Security Certifications
IBM and SUSE have successfully climbed another rung in the certification ladder by getting the CAPP/EAL3+ (Controlled Access Protection Profile) seal of approval. The certification spans a range of eServers, namely i-, p-, x- and zSeries machines. This makes SUSE the first Linux distributor to achieve both CAPP/EAL3+ and COE compliance. (Jan. 2004 Enterprise IT Planet)

The Most Destructive Viruses of All Time
In the 1980s, one of the first viruses spread by infecting IBM mainframe systems. But the attack did not gain much notice because it did not infect many systems. At the time, mainframes were found only in large corporations, and many had appropriate security checks in place. (Dec. 2003 TechNewsWorld)

Mainframe Security: Good Enough for the 21st Century?
Your mainframe is connected to vulnerable computers and mainframe data is transmitted over insecure wires to partners. Cryptography bolsters three primary security functions: confidentiality, integrity, and non-repudiation. With cryptography, your data can't be read or altered and, most importantly, you are assured of the identity of the sender, who, in turn, cannot deny that he sent the data. (Dec. 2003 Enterprise Systems Journal)

Security D'ohLTs
Only a D'ohLT would come up with a security scheme that is so overly complex that it's guaranteed people will write down their passwords. And yet, this kind of D'ohLTishness is par for the course with these guys. They are the most clueless profession I know, and they are showing no signs of getting any better. (Nov. 2003 AskTog)

Organised crime targets ALL IT staff
Staff are typically targeted over a period of months in a social rather than work setting. Once recruited, IT staff are selling corporate secrets or allowing access to corporate systems for illegal use. (Oct. 2003 VNUnet)

Leading Edge Security
With the increased need for isolation of data between different groups, the zSeries platform is adding new capabilities to z/OS 1.5. The Cryptographic Coprocessor Facility will no longer function on the z990, but will become available through CP Assist for Cryptographic Functions (CPACF) and the PCIX Cryptographic Coprocessor (PCIXCC). (Sep. 2003 eServer)

IBM Beefs Up z990 Security
Big Blue will make full-feature cryptography -- which comprises both clear key and secure key encryption services -- available to customers running z/OS versions 1.2 and 1.4 by September 19th. The 24-way (C24) and 32-way (D32) variants of the z990 due in October will deliver up to 30 LPARs, which is a very impressive number for server consolidation. (Aug. 2003 Enterprise Systems Journal)

The Next Chapter: Web Services
US programmers will be limited to sensitive, niche applications, while the bulk of programming will be done offshore. With the advent of Web services, the mainframe is much more vulnerable to corruption from outside forces. As companies realize this, or as instances of mainframe security breaches greatly increase, you'll see more companies roll out mainframe security measures before participating in Web services initiatives. (May 2003 Computerworld)

Why Secure Applications Are Difficult to Write
The first rule of secure coding should be that of least privilege; that is, the code should run with the minimum amount of privilege necessary to perform its prescribed tasks. Code should run with admin privilege only if it is absolutely necessary to do so. And if such privilege is necessary, then additional security precautions are definitely warranted. (Apr. 2003 IEEE Security & Privacy)

Guarding Mainframes in Real Time
Though Unix System Services runs on a mainframe, security isn't assured. It is still a Unix system, and the administrator on a Unix system is still all too powerful. And even though it's safe when it's properly configured, there are not a whole lot of messages to tell you what's going on. (Apr. 2003 Enterprise Systems Journal)

Passwords too easy to crack
Computer users are still using passwords that are too easy to crack because they have too many to remember. The average computer user had to remember 21 passwords, although, for heavy users, this total rose to 70. (Dec. 2002 VNUnet)

Who Goes There?
The average user spends 16 minutes a day signing in to systems and being authenticated. User life-cycle management processes in most large companies are in disarray. Mainframe systems follow one set of policies. Corporate networks frequently take another approach. The result is an end-user nightmare of account names and passwords to memorize. (Oct. 2002 Optimize)

Announcing z/OS Release 4
The fourth release of z/OS includes improved workload management capabilities, advanced e-business security, extended network addressing with the IPv6 protocol, and up to 7,000 SSL transactions per second on a single z900 server. (Aug. 2002 IBM)

NASA technology protects mainframes
Studies show that 90% of mainframes are connected to the Internet and 50% are engaged in some form of e-business today. But mainframes are less secure now than they were just seven to 10 years ago, and mainframe systems, by and large, are very vulnerable to unauthorized access, misuse and attack. (Oct. 2002 Application Development Trends)

Top 10 Security Mistakes
If there's a bugaboo among security experts, it's poorly chosen passwords. A global head of information risk management recommends that users take a common phrase and use its initials for a password. For example: "I pledge allegiance to the flag" becomes "ipa2tf." "That's a difficult password to break because it's a combination of letters and numbers." (Jul. 2001 Computerworld)

Before Trouble Strikes
The following checklist will help the key individuals in your organization to go through the thought process for preparing a disaster recovery plan. The objective is to restore all critical business functions, rather than such disparate functions as only the data center. (Jul. 2001 Datamation)
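An added example, not taken from any of the articles above and not IBM's own documentation, tying together the "RACF, Started Tasks and System Privileges" and "Securing S/390 Operating System Sysplex with RACF" entries: how the job name RACF uses to identify a started task falls out of the START command, how the STARTED class binds that job name to a user ID with no more authority than the task needs, and why the procedure library the task is started from must be write-protected. The task name MYTASK, user ID MYSTCU, group STCGRP, group SYSPROG and the identifier INST2 are assumed for illustration; lines beginning with /* are commentary for the reader, not RACF command syntax.

```tso
/* --- Job name derived from the START command (assumed task MYTASK) ---      */
/*  S MYTASK                   jobname = MYTASK   (member name, no identifier)   */
/*  S MYTASK.INST2             jobname = MYTASK   (INST2 only qualifies STOP/F)  */
/*  S MYTASK,JOBNAME=MYTASKB   jobname = MYTASKB  (JOBNAME= overrides the member)*/
/*  RACF looks up a STARTED profile named procname.jobname, so the three        */
/*  commands are matched against MYTASK.MYTASK, MYTASK.MYTASK and MYTASK.MYTASKB*/

/* 1. A protected user ID for the task: NOPASSWORD means it cannot be logged    */
/*    on to, and it carries no SPECIAL/OPERATIONS, so a compromised task does   */
/*    not yield RACF administration rights (least privilege for the STC).       */
ADDGROUP STCGRP OWNER(SYS1) SUPGROUP(SYS1)
ADDUSER  MYSTCU NAME('MYTASK STC') OWNER(STCGRP) DFLTGRP(STCGRP) NOPASSWORD NOOIDCARD

/* 2. STARTED class: assign that identity to every job name started from the    */
/*    MYTASK member. TRUSTED(NO) and PRIVILEGED(NO) keep normal access checking */
/*    in force; TRACE(YES) reports the assignment (IRR812I) so it can be audited*/
SETROPTS CLASSACT(STARTED) RACLIST(STARTED) GENERIC(STARTED)
RDEFINE  STARTED MYTASK.* STDATA(USER(MYSTCU) GROUP(STCGRP) TRUSTED(NO) PRIVILEGED(NO) TRACE(YES))
SETROPTS RACLIST(STARTED) REFRESH
RLIST    STARTED MYTASK.* STDATA

/* 3. The library the procedure lives in: anyone with UPDATE here can plant     */
/*    JCL that a SPECIAL user will later START, which is the Trojan-horse case  */
/*    the Sysplex article warns about. Read for all, update for SYSPROG only,   */
/*    and log every successful update and every failed read.                    */
ADDSD  'SYS1.PROCLIB' UACC(READ) OWNER(SYS1) AUDIT(SUCCESS(UPDATE) FAILURES(READ))
PERMIT 'SYS1.PROCLIB' ID(SYSPROG) ACCESS(UPDATE)
LISTDSD DATASET('SYS1.PROCLIB') AUTHUSER
```

Two caveats a practitioner would check before relying on this. If no STARTED profile matches procname.jobname, RACF falls back to the ICHRIN03 started procedures table, so an old table entry can silently grant a different (often more privileged) identity than the profile you expected; RLIST the profile and compare it against the table. And if the member named on START contains a JOB statement rather than a PROC, the job name comes from that JOB statement, not from the member name. In most installations SYS1.PROCLIB is already covered by a SYS1.** generic profile; the discrete profile above is shown so the access list and audit options are explicit, and the same UPDATE restriction belongs on every JCLLIB, STEPLIB and parmlib the procedure references.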
Being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. (Eric Raymond)