IBM Mainframe Security

Publisher: MC Press Online
Publication Date: 2013
Subject: Computer: Security
Category: System Admin
Number of Pages: 225

Available as: Individual E-Version (PDF), ISBN: 978-1-58347-828-8
Printed Edition: see MC Press Online
About this title
Mainframes are the backbone of most large IT organizations—and many medium-sized companies, too. Their security cannot be left to chance. Yet in many corporations, budget restrictions and the retirement of senior personnel are creating a “knowledge gap” in this critical area. With little training available to the younger crowd, and the senior, experienced people retiring or close to it, the need for mainframe security skills at the senior level is greater than ever. This book fulfills that need.

IBM Mainframe Security moves beyond the basic material available elsewhere to discuss the important issues in IBM mainframe security from a practical, real-life perspective. Author Dinesh D. Dattani covers security and audit issues, business best practices, and compliance, drawing on more than 30 years of experience as a mainframe security practitioner, consultant, and trainer.

The book is written in tutorial format, with quizzes and pointers designed to help readers assess the current security in their own organizations. Most chapters are independent of one another, so readers can pick any topic they are interested in and immediately dive into the practical aspects that installations require.

If you want to move beyond basic RACF skills and boost your security knowledge and understanding, this book is the guide you need.

With IBM Mainframe Security, you will:
  • Learn how to identify and reduce security weaknesses at your installation
  • Know what it takes to adequately protect the operating system
  • Understand security best practices
  • Increase your security administration knowledge
  • Improve your security skills and productivity
  • Learn about audit issues
About the author
Dinesh D. Dattani
Dinesh D. Dattani is a mainframe security consultant and president of Triple-D Mainframe Services, Ltd., in Toronto, Canada. He has more than 30 years of mainframe security experience at a number of companies in North America. His consulting career spans diverse industries and sectors, including banking, telecom, automotive, insurance, energy, government, and service providers.

Dinesh has also provided hands-on and classroom training on mainframe security to a number of clients. Before starting his own company, he was a system programmer working on mainframe operating systems. This base gave him an invaluable understanding of the technical aspects of mainframe security.

Dinesh has authored nearly 60 articles on mainframe security and is the author of the IBM white paper Best Practices for System z Security: Mainframe Security Matters—Thinking Outside the Box (2006). He holds a bachelor of mathematics degree with a major in computer science from the University of Waterloo, Canada.


PART ONE: Securing Business Data
Chapter 1: How the Mainframe Provides Security
How RACF Does Access Checking
The RACF Access Checking Diagram

Chapter 2: RACF Special Privileges
Logging Special Privilege Activities
Mitigating the Risk of Special Privileges
Alternatives to the OPERATIONS Privilege

Chapter 3: The Data Security Monitor (DSMON)
How to Produce DSMON Reports
Understanding DSMON Reports

Chapter 4: Security Event Logging and Auditing
Auditing User Activity
Auditing Resources at the Profile Level
Using the GLOBALAUDIT Operand
Auditing Resources at the Class Level
Auditing Users with Special Privileges
Auditing Profile Changes
Auditing Failures to RACF Commands
RACF Automatic Loggings
The Importance of Security Log Retention

Chapter 5: The Global Access Checking (GAC) Table
The Benefits of GAC
The Security Concerns of GAC
Implementing GAC
Mitigating the Security Risks of GAC
The Benefits of GAC Mirror Profiles
Good Candidates for GAC Processing

Chapter 6: Understanding the FACILITY Class
Storage Administration Profiles
z/OS UNIX Profiles
RACF Profiles
Other Profiles
Security Administration of FACILITY Class Profiles
The FACILITY Class's Documentation
Third-Party Vendor Products
In-House Developed Products
FACILITY Class Profiles: A Word of Caution

Chapter 7: The Benefits of the SEARCH Command
Creating RACF Commands
Cleaning Up the RACF Database
Listing Profiles, User IDs, and Groups
Revoking User IDs
Finding Duplicate UIDs and GIDs
Searching a User's Access to Profiles
Finding Discrete Profiles

Chapter 8: WARNING Mode and Its Implications
The Proper Use of WARNING Mode
The Incorrect Use of WARNING Mode
Finding All Profiles in WARNING Mode
Make Sure WARNING Mode Is Justified
Remove WARNING Mode Where Inappropriate

Chapter 9: Understanding z/OS UNIX Security
How z/OS UNIX Security Works
Planning for z/OS UNIX Security
Unique UIDs and GIDs Recommended
The SUPERUSER Privilege
Auditing z/OS UNIX
Implementing z/OS UNIX Controls
FACILITY Class Considerations
UNIXPRIV Class Considerations
Other z/OS UNIX Considerations

Chapter 10: The Benefits of RACF Commands in Batch Mode
Capturing the Results of RACF Commands
Automating a Process
Performing an Action Repeatedly
Entering Groups of RACF Commands
When Batch Mode Is the Only Method

Chapter 11: Security Administration: Beyond the Basics
Doing It Right the First Time
Being Inquisitive
Understanding RACF User Profile Segments
What Is a RACF Discrete Profile?
What Are Undefined RACF User IDs?
Universal Access (UACC) Considerations
The Restricted Attribute
Disaster Recovery Considerations
What Are RACF “Grouping Classes”?
What Is RACF “Undercutting”?
What Is a RACF “Back-Stop” Profile?
Why User IDs Must Not Be Shared
Granting Temporary Access to Resources
Creating “Fully-Qualified” Generic Profiles
Specifying Strong Passwords
RACF Global Options

PART TWO: Securing the z/OS Operating System
Chapter 12: APF-Authorized Libraries
What Is the Risk?
Finding APF-Authorized Libraries
How Do You Mitigate This Risk?

Chapter 13: The System Management Facility (SMF)
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 14: Operating System Data Sets
System Parameter Libraries
System Catalogs
Assorted Operating System Data Sets

Chapter 15: RACF Databases
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 16: RACF Exits
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 17: System Exits
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 18: Started Procedures
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 19: Tape Bypass Label Processing (BLP)
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 20: The SYS1.UADS Data Set
A Brief History of SYS1.UADS
How SYS1.UADS Works with RACF
Keeping SYS1.UADS Current

Chapter 21: The System Display and Search Facility (SDSF)
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 22: The Program Properties Table (PPT)
What Is the Risk?
How Do You Mitigate This Risk?

Chapter 23: Special-Use Programs
What Is the Risk?
How Do You Mitigate This Risk?

PART THREE: Security Infrastructure Matters
Chapter 24: Application and Batch ID Security
Segregate Production from Non-Production
Batch IDs Must Not Share Application Data
Production JCL Must Not Refer to Personal Data Sets
Be Careful About SURROGAT Class Access
Restrict Direct Update Access to Production Data

Chapter 25: Security Architecture
Internal vs. External Security
The Benefits of External (RACF) Security
Centralized Security or Decentralized Security?

Chapter 26: The RACF Unload Database
How It Was Done Before
Creating the RACF Unload Database
The Benefits of the RACF Unload Database
The Uses of the RACF Unload Database
Getting Quick Answers Using TSO

Chapter 27: Increasing Your Productivity
Learn More About ISPF Edit Capabilities
Join Online User Groups
Find a Mentor
Use RACF Help Functions
Use Online Manuals
Get Free Utilities
Subscribe to Vendor Publications
Use Native RACF Commands

Chapter 28: Security Compliance

Chapter 29: Security Best Practices
Implement Role-Based Security
Periodically De-Clutter Your Security Database
Handle Employee Transfers and Terminations As They Occur
Identify Your Important Data
Assign Ownership to All Data
Keep All Security Within RACF
Log Accesses to Important Data
Conduct Periodic Reviews of All Access Rights
Implement Change Management for Production JCL
Report and Monitor Security Activities
Implement Segregation of Duties
Require Approval Before Granting Access

Chapter 30: Security Add-On Products
The Benefits of RACF Add-On Products
Simplified Security Administration
Security Monitoring
Password Resets
Security Reporting
Security Compliance and Enforcement

Related titles
DB2 10 for z/OS Database Administration: Certification Study Guide (Exam 612)
DB2 11: The Database for Big Data & Analytics
DB2 9 System Administration for z/OS: Certification Study Guide (Exam 737)
IBM Cloud Platform Primer
IBM i Security Administration and Compliance