2 5 security on system z, milos kaljevic
Presentation Transcript

  • IBM Smarter Solution Day 2014 – Croatia: Security on System z. Miloš Kaljević, IBM. © 2014 IBM Corporation. All rights reserved.
  • Security on System z (agenda)
    - Who is affected by breaches in System z security
    - The elements of an “advanced persistent threat”
    - The four domains that are associated with a breach in security
    - System z security software products and solutions
    - Security conferences, links, documents
  • You know? You can do this online now.
  • IT security is a boardroom discussion
    - Loss of market share and reputation
    - Legal exposure
    - Audit failure
    - Fines and criminal charges
    - Financial loss
    - Loss of data confidentiality, integrity, and/or availability
    - Violation of employee privacy
    - Loss of customer trust
    - Loss of brand reputation
    Stakeholders shown: CEO, CFO/COO, CIO, CHRO, CMO
    Source: Discussions with more than 13,000 C-suite executives as part of the IBM C-suite Study Series
  • IBM’s Fort Knox: System z
    - A strong heritage of being an extremely secure platform for virtual environments and workloads
    - Security is built into every level of the System z structure: processor, hypervisor, operating system, communications, storage, applications
    - Extensive security certifications (for example, Common Criteria and FIPS 140), including EAL5+
    Chart: Distribution of Data Breaches by Operating Systems. Source: Verizon 2011 Data Breach Investigations Report
  • Mainframe security practices have not kept pace with the inherent internal and external connections of today’s IT environments
    - 75% of attacks are considered opportunistic.
    - 75% are financially motivated.
    - 78% of initial intrusions are rated as low difficulty.
    - Web applications are the most popular attack vector.
    - Security policies are outdated or not properly executed.
    “As mainframes become a major component in service-oriented architectures, they are increasingly exposed to malware. Web services on the mainframe have had a significant impact on security.” (Meenu Gupta, President of Mittal Technologies Inc.)
  • Latest trends
    Most-common attack types: 20% DDoS, 13% SQL injection, 10% malware, 5% watering hole, 3% physical access
    Roundup of 2013 security incidents:
    - The overall attack tactics and techniques have not changed significantly.
    - The number of overall incidents has increased, the amount of traffic used in distributed denial-of-service (DDoS) attacks has multiplied, and the number of leaked records is steadily rising.
    - In 2013, attackers continued to use tried and true methods of extracting data.
    - Oracle Java vulnerabilities continue to be a top point of entry for many of these malware attacks.
  • Advanced Persistent Threats (APTs) are bypassing traditional defenses
    Advanced:
    - Using exploits for unreported vulnerabilities, also known as a “zero day”
    - Advanced, custom malware that is not detected by antivirus products
    - Coordinated attacks using a variety of vectors
    Persistent:
    - Attacks lasting for months or years
    - Attackers are dedicated to the target; they will get in
    - Resistant to remediation attempts
    Threat:
    - Targeted at specific individuals and groups within an organization, aimed at compromising confidential information
    - Not random attacks; they are actually “out to get you”
    Phases of an APT:
    1. Reconnaissance: gather information about the target system
    2. Probe and attack: probe for weaknesses and deploy the tools
    3. Toehold: exploit a weakness and gain entry into the system
    4. Advancement: advance from unprivileged to privileged
    5. Stealth: hide tracks, install a backdoor
    6. Listening post: establish a listening post
    7. Takeover: expand control to other hosts on the network
  • Example of an Advanced Persistent Threat at a State Government, USA
    Attack chain shown: malicious e-mail (phishing) → stolen user IDs and passwords → databases / systems
    - Employee “unwittingly executed malware, and became compromised” after opening a link in an e-mail.
    - Attacker harvested the employee’s credentials.
    - Leveraging the user’s access rights, the attacker logged in via a remote access service and was able to gain access to other Department of Revenue systems and databases.
    - Attacker was able to install backdoor software, password dumping tools, and “multiple generic utilities to execute commands against databases.”
    - 33 unique pieces of malicious software and utilities were used to perform the attack.
    - The breach went undetected for almost 2 months, leading to 44 systems being compromised.
    - 74.7 GB of data was stolen from the State’s 44 systems, including mainframe data copied to SQL servers.
    - 3.3 million unencrypted bank account numbers stolen.
    - 3.8 million social security numbers for tax filers compromised.
    - Cost the state $14 million.
    - Department of Revenue Director forced to resign.
    Summary: 44 systems breached over two months; 74.7 GB of data; 3.8M SSNs; 3.3M bank account numbers.
    Controls shown on the slide: Endpoint Management, Email, Database Activity Monitoring, Event Correlation, Real-time Event Monitoring
  • Some publicly available tools that could be used in a Mainframe APT
    Cyber crime kits:
    - £25 (about $38 USD) will buy a cybercrime kit with exploits of thousands of coding errors.
    - Try looking for Blackhole V2.0, Phoenix; price lists are available…
    - If these can compromise your privileged users’ Windows systems, then they can get their passwords and then…
    Shodan:
    - Can find mainframes on the web
    - It will find your 3270 sessions presented on the internet
    - Anyone with a 3270 emulator will be able to see the logon screens
    Soldier of Fortran:
    - Shows script-kiddies how to copy a RACF database… and then crack it open using John the Ripper to do a dictionary attack.
    RACFSNOW*:
    - Have you tried it?
    - Did it get your passwords?
  • A list of companies running mainframes, available on the Internet
    - Belgium: BNP Paribas Fortis Brussels, NMBS-Holding
    - Brazil: BDF, Banco Bradesco, Banco do Brasil, Banco Itau, Riocard TI, SERPRO
    - Canada: Canadian Imperial Bank of Commerce, Co-operators, Enbridge Gas Distribution, Royal Bank of Canada (RBC), Scotiabank
    …
  • As a result, the security market is shifting
    Traditional focus (Governance and Compliance) → emerging focus (Risk Management):
    - Security strategy: react when breached → continual management
    - Speed to react: weeks/months → real time
    - Executive reporting: none → operational KPIs
    - Data tracking: thousands of events → millions of events
    - Network monitoring: server → all devices
    - Employee devices: company-issued → bring your own
    - Desktop environment: standard build → virtualization
    - Security enforcement: policy → audit
    - Endpoint devices: annual physical inventory → automatically managed
    - Security technology: point products → integrated
    - Security operations: cost center → value driver
    Source: Client Insights 27-Jun-11, An Evaluation of the Security & Risk Opportunity; Assessing a New Approach to Competitive Differentiation, Ari Sheinkin, IBM, Vice President, Client Insights
  • Solving a security issue is a complex, four-dimensional puzzle
    - People: employees, hackers, outsourcers, suppliers, consultants, terrorists, customers
    - Data: structured, unstructured, at rest, in motion
    - Applications: systems applications, web applications, Web 2.0, mobile apps
    - Infrastructure
    Attempting to protect the perimeter is not enough: siloed point products and traditional defenses cannot adequately secure the enterprise.
  • IBM Security zSecure™ suite overview: IBM Security zSecure Administration
    zSecure Admin:
    - Improves security at lower labor cost
    - Also saves cost by avoiding configuration errors, improving directory merges, and efficient group management
    zSecure Visual:
    - Permits changes in minutes vs. overnight
    - Provides access for only current employees and contractors (better business control)
    - Enables segregation of duties (minimizing business risk)
    - Aids in reducing labor cost and errors
  • IBM Security zSecure suite overview (cont’d): IBM Security zSecure Compliance and Auditing
    zSecure Audit:
    - Reports can match business model/requirements
    - Prioritizes tasks (optimize labor utilization)
    - Helps find “segregation of duties” exposures (reduces risk)
    zSecure Alert:
    - Allows capture of unauthorized “back door” changes to RACF® / security policies
    - Addresses real-time audit control points, especially network audit control points
    zSecure Command Verifier:
    - Audits RACF admins’ changes
    - Offers security monitoring without additional CPU/cost
    - Audit in seconds versus days
  • IBM Guardium provides real-time database security & compliance
    Key characteristics:
    - Single integrated appliance
    - Non-invasive/disruptive, cross-platform architecture
    - Dynamically scalable
    - SOD enforcement for DBA access
    - Auto-discover sensitive resources and data
    - Detect unauthorized & suspicious activity
    - Granular, real-time policies: who, what, when, how
    - Prepackaged vulnerability knowledge base and compliance reports for SOX, PCI, etc.
    - Growing integration with broader security and compliance management vision
    - Continuous, policy-based, real-time monitoring of all database activities, including actions by privileged users
    - Database infrastructure scanning for missing patches, misconfigured privileges and other vulnerabilities
    - Data protection compliance automation
    - Integration with LDAP, IAM, SIEM, TSM, Remedy, …
    Also: Oracle, MySQL, Microsoft SQL Server, Sybase, Teradata, Microsoft SharePoint, PostgreSQL
  • DAST automates application security testing
    DAST (Dynamic Analysis Security Testing) provides application security for multi-tiered, web-enabled applications involving the mainframe.
    - Scan: applications / source code
    - Analyze: identify issues
    - Report: detailed and actionable
    - Target: the “running” web application, on the mainframe or elsewhere
    - Method: tampering with HTTP messages; results presented as exploited HTTP messages
    Easy to use, scales to thousands of users, provides organization-wide visibility and security controls.
  • zSecure, Guardium, DAST, and QRadar® improve your security intelligence
    Extensive data sources + deep intelligence = exceptionally accurate and actionable insight
    Data sources: security devices, servers & mainframes, network/virtual activity, database activity, application activity, configuration info, vulnerability information, user activity, threat intelligence
    Mainframe feeds: Guardium (DB2®, IMS®, VSAM); zSecure (z/OS®, RACF®, ACF2, TSS, CICS®); DAST (web apps, mobile apps, web services, desktop apps)
    Processing: event correlation; activity baselining and anomaly detection; offense identification
    - Centralized view of mainframe and distributed network security incidents, activities, and trends
    - Better real-time threat identification and prioritization, correlating vulnerabilities with Guardium and zSecure
    - S-TAP feeds routed to QRadar via Guardium Central Policy Manager
    - SMF data set feeds with zSecure Audit and Alert
    - Increases accuracy of threat identification, correlating application vulnerabilities with other security alerts to assign incident priorities and surface meaningful activity from noise
    - Creates automatic alerts for newly discovered vulnerabilities experiencing active “Attack Paths”
    - Produces increased accuracy of risk levels and offense scores, as well as simplified compliance reporting
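A toy illustration of the correlation idea on this slide, added here; it is not the logic of QRadar, zSecure or Guardium. The feed labels, hosts, event kinds and vulnerability findings are constructed, and the scoring rule (a bonus when two feeds corroborate the same host/user pair, another when that host has an open vulnerability) is an assumption chosen to show how prioritisation separates meaningful activity from noise:

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    feed: str      # assumed labels: "zsecure" (RACF/SMF alerts) or "guardium" (DB activity)
    host: str
    user: str
    kind: str
    severity: int  # 1 (informational) .. 10 (critical)


# Constructed vulnerability inventory: host -> open finding ids (placeholders, not real CVEs).
OPEN_FINDINGS = {"mf01": {"FINDING-PLACEHOLDER-1"}, "db02": set()}

# Constructed sample events; not the output of any real product.
SAMPLE_EVENTS = [
    Event("zsecure", "mf01", "OPER1", "racf_profile_changed", 6),
    Event("guardium", "mf01", "OPER1", "sensitive_table_select", 5),
    Event("guardium", "db02", "APP1", "sensitive_table_select", 5),
    Event("zsecure", "db02", "APP1", "logon_failed", 2),
    Event("zsecure", "mf01", "BATCH3", "logon_failed", 2),
]


def score_offense(events, open_findings):
    """Score one (host, user) group. Base = highest single severity; +3 when more
    than one feed reports on the pair (cross-source corroboration); +2 when the
    host carries an open vulnerability finding (an active "attack path")."""
    score = max(e.severity for e in events)
    if len({e.feed for e in events}) > 1:
        score += 3
    if open_findings:
        score += 2
    return score


def correlate(events, findings_by_host, threshold=7):
    """Group events by (host, user), score each group and keep only those at or
    above the threshold, so isolated low-severity noise drops out.
    Returns {(host, user): score}."""
    groups = defaultdict(list)
    for e in events:
        groups[(e.host, e.user)].append(e)
    offenses = {}
    for (host, user), evs in groups.items():
        score = score_offense(evs, findings_by_host.get(host, set()))
        if score >= threshold:
            offenses[(host, user)] = score
    return offenses
```

With the sample data, the lone failed logon on mf01 scores below the threshold and is dropped, while the corroborated OPER1 activity on the vulnerable host mf01 is scored highest.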
  • European zSecure User Group 2014
    - Learn about new functions and features from the zSecure Development team
    - Share user experiences and tips
    - Maximise your use of zSecure to help improve Security on your Mainframe
    - Network with System z Security professionals, Business Partners and IBMers
    - Influence future product content with requirements
    London on the 1st & 2nd July, or Frankfurt on the 3rd & 4th July
  • z Security Annual conference
    Topics: security strategy, securing mobile, cyber crime and z, zSecure update, cloud security, WebSphere security, network security, z/VM security, Linux security
    September 24th – 27th, 2013, Montpellier, France
  • zSecure on the Internet
    - IBM Security zSecure Forum: zSecure subject matter experts from around the world monitor this forum for your questions every day. http://ibmforums.ibm.com/forums/forum.jspa?forumID=3020
    - zSecure product library: http://www-01.ibm.com/software/tivoli/products/zsecure/
    - zSecure data sheets, solution sheets, and white papers: http://www-306.ibm.com/software/tivoli/products/zsecure/
    - IBM Security zSecure Redbook: http://www.redbooks.ibm.com/abstracts/sg247633.html?Open
  • Docs & Books
    - Redbooks & Redpapers: http://www.redbooks.ibm.com/
    - zSecure Redbook: http://www.redbooks.ibm.com/abstracts/sg247633.html?Open
    - Designing for Solution-Based Security on z/OS, SG24-7344
    - z/OS Version 1 Release 8 RACF Implementation, SG24-7248
    - IBM Tivoli Security and System z Redbook: http://www.redbooks.ibm.com/redpieces/abstracts/sg247633.html
    - IBM Security zSecure 1.11 information center: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.zsecure.doc/welcome.html
    - Lab Service offerings: http://stgls01.rchland.ibm.com:81/toasted.nsf/services/AGSYS152
    - Education: http://www-306.ibm.com/software/tivoli/education/edu_prd.html#z
    - CARLa forum: http://www.ibm.com/developerworks/forums/forum.jspa?forumID=1255
  • zSecure Books
    - zSecure Suite: CARLa-Driven Components Installation and Configuration Manual
    - zSecure Suite: Admin and Audit for RACF User Reference Manual
    - zSecure Suite: Alert User Reference Manual
    - z/OS Security Healthcheck
  • Backup Slides
  • Most-common attack types in 2013 (chart)