This presentation addresses the requirements for protecting the mainframe system from hackers. It covers common problems that need to be addressed, along with the risks and mentalities that need to adapt to the new security realities.
14. Top 10 Security Vulnerabilities
1. Excessive access to APF libraries
2. Number of users with System Special
3. User SVCs requesting privileged functions
4. USS controls (UNIXPRIV, UID=0)
5. Started tasks not defined as PROTECTED
6. RACF database not properly protected
7. Profiles in OPERCMDS Class not properly set
8. SURROGAT profiles permitting use of privileged userids
9. RACF profiles with UACC or ID(*) > NONE
10. Batch Jobs with excessive resource access
17. What’s the Problem?
• Profiles in OPERCMDS Class not properly set
– Controls who can issue operator commands: JES, MVS, operator commands.
• SURROGAT profiles permitting use of privileged userids
– This class allows userids to access the privileges of other userids by submitting
work under their authority without requiring a password.
• RACF profiles with UACC or ID(*) > NONE
– If a userid is not defined to the Access Control List (ACL) of a RACF profile,
UACC or ID(*) will provide them the access. In some cases, READ access can be
a security risk because it can provide access to sensitive data.
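An audit pass for the UACC / ID(*) problem described above, as an added example that is not part of the original presentation. The pipe-delimited input layout, the severity policy and every profile name in the sample are assumptions constructed for illustration; it is not a RACF output format.

```python
# Added example: audit RACF-style profiles for default access above NONE.
# The "CLASS|PROFILE|UACC|id:access,..." input layout is an assumption for this
# sketch, not a RACF output format; all sample profiles are constructed.

LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]  # lowest first
RANK = {name: i for i, name in enumerate(LEVELS)}

# Assumed audit policy: the classes named on the slide are always high severity.
SENSITIVE_CLASSES = {"SURROGAT", "OPERCMDS"}

SAMPLE = """\
DATASET|PAYROLL.MASTER.**|READ|PAYADM:ALTER
DATASET|SYS1.PARMLIB|NONE|SYSPROG:UPDATE,*:READ
SURROGAT|PRODBAT.SUBMIT|NONE|SCHED01:READ,*:READ
OPERCMDS|MVS.**|UPDATE|
FACILITY|HYPOTHETICAL.RESOURCE|NONE|OPS1:READ
"""

def parse_profile(line):
    """Split one record into class, profile name, UACC and an ACL dict."""
    cls, name, uacc, acl_text = line.strip().split("|")
    acl = dict(entry.split(":") for entry in acl_text.split(",") if entry)
    for access in [uacc, *acl.values()]:
        if access not in RANK:
            raise ValueError(f"unknown access level {access!r} in {name}")
    return cls, name, uacc, acl

def audit(text):
    """Return (severity, class, profile, source, access) for each default grant."""
    findings = []
    for line in filter(str.strip, text.splitlines()):
        cls, name, uacc, acl = parse_profile(line)
        # Users absent from the ACL fall through to ID(*) or UACC, so check both.
        for source, access in (("UACC", uacc), ("ID(*)", acl.get("*", "NONE"))):
            if RANK[access] > RANK["NONE"]:
                high = cls in SENSITIVE_CLASSES or RANK[access] >= RANK["UPDATE"]
                findings.append(("HIGH" if high else "MEDIUM", cls, name, source, access))
    # HIGH findings first, then by class and profile name.
    return sorted(findings, key=lambda f: (f[0] != "HIGH", f[1], f[2]))

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%-6s %-8s %-20s %-5s %s" % finding)
```

Explicit ACL entries such as PAYADM:ALTER are not reported; only grants that reach users who are not named on the access list are.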
39. Light Reading
• “IBM 2015 Cyber Security Intelligence Index”, IBM
• “2015 Threat Report”, Websense
• “2015 Cost of Cyber Crime Study: Global”, Ponemon Institute
• “The Human Factor 2015”, Proofpoint
• “The Insider Threat: Detecting Indicators of Human Compromise”, Tripwire
• “White Hats, Black Hats. A Hacker Community is Emerging Around the
Mainframe. What You Need to Know…”, Mike Rogers @ Attachmate.com
• “The Art of War”, Sun Tzu