Audit and Security of IBM's z/OS, RACF, CICS and DB2

With the current emphasis on small systems, personal computers and mobile devices, it's easy to forget that the mainframe exists - in fact it's still the power behind many corporate systems, quietly processing vast amounts of data behind the scenes, just as it always did.

One of the biggest suppliers of mainframe systems is of course IBM, with its zSeries range of machines. This fast-paced two-day training course will give you all of the background and basic knowledge you need to plan and undertake the audit of an IBM zSeries installation. Using demonstrations from a live IBM zSeries machine, you'll learn how the system is configured, how its operating parameters are set and how they can be overridden to change the behaviour of the system. You will learn the principles of the RACF security sub-system that controls access to all processes and data, and how to use its reporting capabilities to extract audit data.

The CICS transaction monitor is IBM's solution for providing fast high-volume on-line transaction capabilities in a mainframe environment. CICS has a large number of settings that can be modified to control its behaviour and security, and this course gives you the essential knowledge needed to understand CICS processes and transactions, and where to look for the essential control information that allows you to plan and carry out an audit.

Finally, you will learn how the DB2 database system works in a mainframe environment and how it integrates with RACF and CICS to build database applications.

Suggested duration: 2 days, but can be customised to your requirements.

Agenda

Principles of z/OS
The main z/OS components
z/OS virtualisation – LPAR and its uses
IPL – the z/OS start-up process
Risks of incorrect or insecure IPL
System load components – the key SYS1 libraries and their risks
Interacting with MVS – TSO, ISPF, CICS and JES – their risks and controls
System integrity features
Secure operator commands
Secure started tasks
z/OS system authorization facility
APF – the Authorised Program Facility and its risks
z/OS UNIX and its security
Networking risks with z/OS – communications security

RACF Principles
Evolution of RACF to Security Server
Installation and configuration of RACF
The SETROPTS command and its options
RACF access control principles
Groups
Profiles
Data set protection
General resource classes
Password policies
User attributes
Use of the RVARY function
RACF exits – their risks and uses
Use of RACF security labels
Control of started tasks
RACF and LDAP – use of RACF for PKI and certificate control
RACF and CICS – how transactions are secured
RACF reporting
Extracting RACF data – use of DSMON and RACFICE tools
A typical RACF audit program

CICS Security and Audit
Operating principles of CICS
How applications communicate with CICS
CICS resource definitions
Creating a sample CICS program
Interaction between CICS and DB2
CICS internal security and its risks
CICS security and RACF
Risks of badly controlled CICS programs
Extracting audit information from the CICS database using the CEDA and CEDC CICS transactions

DB2 Database Security and Control
How DB2 works
DB2 authentication methods and how they use the host operating system
DB2 authorities – their capabilities and risks
The DB2 logical layout – the important system schemas and their risks
How to list authorizations and privileges
Implicit granted authorities and their risks
Authorization checking for DB2 commands and SQL statements
Identifying DB2 tablespaces
Enumerating DB2 object access permissions
Object ownership
DB2 and RACF
Database auditing and intrusion detection – how to list the audit settings and use the audit trail
DB2 Security Checklist