Mainframe Basics for Security Professionals
Getting Started with RACF
1st Edition
Published on 28. December 2007
192 pages
978-0-13-270434-2 (ISBN)
Description
Leverage Your Security Expertise in IBM (R) System z (TM) Mainframe Environments
For over 40 years, the IBM mainframe has been the backbone of the world's largest enterprises. If you're coming to the IBM System z mainframe platform from UNIX (R), Linux (R), or Windows (R), you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments.
Even if you've never logged onto a mainframe before, this book will teach you how to run today's z/OS (R) operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don't have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos.
The authors illuminate the mainframe's security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM's powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you're an experienced system administrator or security professional, there's no faster way to extend your expertise into "big iron" environments.
Coverage includes
Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation
Creating, modifying, and deleting users and groups
Protecting data sets, UNIX file system files, databases, transactions, and other resources
Manipulating profiles and managing permissions
Configuring the mainframe to log security events, filter them appropriately, and create usable reports
Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them
Creating limited-authority administrators: how, when, and why
For over 40 years, the IBM mainframe has been the backbone of the world's largest enterprises. If you're coming to the IBM System z mainframe platform from UNIX (R), Linux (R), or Windows (R), you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments.
Even if you've never logged onto a mainframe before, this book will teach you how to run today's z/OS (R) operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don't have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos.
The authors illuminate the mainframe's security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM's powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you're an experienced system administrator or security professional, there's no faster way to extend your expertise into "big iron" environments.
Coverage includes
Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation
Creating, modifying, and deleting users and groups
Protecting data sets, UNIX file system files, databases, transactions, and other resources
Manipulating profiles and managing permissions
Configuring the mainframe to log security events, filter them appropriately, and create usable reports
Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them
Creating limited-authority administrators: how, when, and why
All prices
More details
Edition
1. Auflage
Language
English
Place of publication
Armonk
United States
Publishing group
Pearson Education (US)
Target group
College/higher education
File size
5,75 MB
ISBN-13
978-0-13-270434-2 (9780132704342)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Ori Pomerantz | Barbara Vander Weele | Mark Nelson
Mainframe Basics for Security Professionals
Getting Started with RACF
Book
01/2008
IBM Press
€43.32
Article exhausted; check different version
Persons
Ori Pomerantz has been securing computer networks--and teaching other people to do so--since 1995. Since joining IBM in 2003, he has written classes on several Tivoli (R) security products, including IBM Tivoli zSecure.
Barbara Vander Weele, a software engineer at IBM, has developed and presented education material on provisioning, security, storage, and business technologies for IBM Worldwide Education.
Mark Nelson, Senior Software Engineer at IBM, is a twenty-year veteran of the RACF design team and a frequent speaker on RACF and z/OS security-related topics.
Tim Hahn, IBM Distinguished Engineer, has been with IBM for seventeen years. He is Chief Architect for Secure Systems and Networks within the IBM Software Group Tivoli organization.
Barbara Vander Weele, a software engineer at IBM, has developed and presented education material on provisioning, security, storage, and business technologies for IBM Worldwide Education.
Mark Nelson, Senior Software Engineer at IBM, is a twenty-year veteran of the RACF design team and a frequent speaker on RACF and z/OS security-related topics.
Tim Hahn, IBM Distinguished Engineer, has been with IBM for seventeen years. He is Chief Architect for Secure Systems and Networks within the IBM Software Group Tivoli organization.
Content
Foreword xv
Preface xvii
Acknowledgments xix
About the Authors xxi
Chapter 1 Introduction to the Mainframe 1
1.1 Why Use a Mainframe? 1
1.2 Getting Started 4
1.3 Job Control Language (JCL) 7
1.4 z/OS UNIX System Services 19
1.5 Getting Help 22
1.6 Additional Information 25
Chapter 2 Users and Groups 27
2.1 Creating a User 27
2.2 How to Modify a User for OMVS Access 31
2.3 Groups 36
2.4 zSecure 42
2.5 Additional Information 43
Chapter 3 Protecting Data Sets and Other Resources 45
3.1 Protecting Data Sets 45
3.2 Other Resources 57
3.3 Security Data (Levels, Categories, and Labels) 64
3.4 Securing UNIX System Services (USS) Files 68
3.5 zSecure 70
3.6 Additional Information 71
Chapter 4 Logging 73
4.1 Configuring Logging 73
4.2 Generating Reports 82
4.3 UNIX System Services (USS) Logging 91
4.4 Logging in zSecure 95
4.5 Additional Information 97
Chapter 5 Auditing 99
5.1 Auditing 99
5.2 The RACF Data Security Monitor (DSMON) 100
5.3 The Set RACF Options (SETROPTS) Command 108
5.4 The RACF Database Unload Utility (IRRDBU00) 110
5.5 The RACF Health Checks 114
5.6 zSecure Auditing 118
5.7 Additional Information 120
Chapter 6 Limited-Authority RACF Administrators 121
6.1 Profiles Owned by Users 121
6.2 Group-Owned Profiles and Group Authorities 122
6.3 System-Level Authorities 128
6.4 Manipulating Users 129
6.5 Additional Information 133
Chapter 7 Mainframes in the Enterprise-Wide Security Infrastructure 135
7.1 What Is an Enterprise? 136
7.2 Enterprise Security Administration 144
7.3 Communicating between Enterprises-and Beyond 148
7.4 Additional Information 149
Index 151
Preface xvii
Acknowledgments xix
About the Authors xxi
Chapter 1 Introduction to the Mainframe 1
1.1 Why Use a Mainframe? 1
1.2 Getting Started 4
1.3 Job Control Language (JCL) 7
1.4 z/OS UNIX System Services 19
1.5 Getting Help 22
1.6 Additional Information 25
Chapter 2 Users and Groups 27
2.1 Creating a User 27
2.2 How to Modify a User for OMVS Access 31
2.3 Groups 36
2.4 zSecure 42
2.5 Additional Information 43
Chapter 3 Protecting Data Sets and Other Resources 45
3.1 Protecting Data Sets 45
3.2 Other Resources 57
3.3 Security Data (Levels, Categories, and Labels) 64
3.4 Securing UNIX System Services (USS) Files 68
3.5 zSecure 70
3.6 Additional Information 71
Chapter 4 Logging 73
4.1 Configuring Logging 73
4.2 Generating Reports 82
4.3 UNIX System Services (USS) Logging 91
4.4 Logging in zSecure 95
4.5 Additional Information 97
Chapter 5 Auditing 99
5.1 Auditing 99
5.2 The RACF Data Security Monitor (DSMON) 100
5.3 The Set RACF Options (SETROPTS) Command 108
5.4 The RACF Database Unload Utility (IRRDBU00) 110
5.5 The RACF Health Checks 114
5.6 zSecure Auditing 118
5.7 Additional Information 120
Chapter 6 Limited-Authority RACF Administrators 121
6.1 Profiles Owned by Users 121
6.2 Group-Owned Profiles and Group Authorities 122
6.3 System-Level Authorities 128
6.4 Manipulating Users 129
6.5 Additional Information 133
Chapter 7 Mainframes in the Enterprise-Wide Security Infrastructure 135
7.1 What Is an Enterprise? 136
7.2 Enterprise Security Administration 144
7.3 Communicating between Enterprises-and Beyond 148
7.4 Additional Information 149
Index 151
