2017 - A New Look at Mainframe Hacking and Penetration Testing v2.2
Jun. 28, 2017
What tools are out there today?
How do these tools impact us?
What's the state of mainframe security?
How do we keep up to date?
How do we protect ourselves?
What are IBM and the vendors doing to help us?
2. Agenda
• Introduction
• Setting the scene
• The traditional stuff!
• What tools are out there today?
• How do these tools impact us?
• What’s the state of mainframe security?
• How do we keep up to date?
• How do we protect ourselves?
• What are IBM and the vendors doing to help us?
• Summary
5. Introducing RSM Partners
• Sole Focus is IBM Mainframe Services
• IBM Business Partner
• World Leading, 1000+ Man Years Experience
• Run 3 mainframes in-house
• Working with large financial, retail & utility companies
• One area of specialism is mainframe security
– Whole range of services, Audits, pen tests, migrations and
security remediation programs
• We have a reputation for….
– On time, On budget, Every Time
8. Still the – Top Ten Audit Issues
1. Excessive Number of User IDs w/No Password Interval
2. Inappropriate Usage of z/OS UNIX Superuser Privilege, UID = 0
3. Data Set Profiles with UACC Greater than READ
4. RACF Database is not Adequately Protected
5. Excessive Access to APF Libraries
6. General Resource Profiles in WARN Mode
7. Production Batch Jobs have Excessive Resource Access
8. Data Set Profiles with UACC of READ
9. Improper Use or Lack of UNIXPRIV Profiles
10. Started Task IDs are not Defined as PROTECTED IDs
9. Carla – Identify Audit concerns
NewList type=audit TT='Audit Concerns on the mainframe'
Select AuditPriority>=20
SortList AuditPriority(nd,descending) ,
System Area AreaParm AuditConcern ,
AuditPriority ParmName ParmValue
37. How do we protect ourselves?
• Get on the front foot
• Be proactive
• Talk to the folks in your organisation and understand what they are
doing with:
– Identity and Access Management
– SIEM
• How many times do we hear that the m/f is out of scope?
– Privileged Users and Privileged Access
– Data classification
46. Summary
• Our world has changed.
• We are not an isolated platform anymore.
• In a connected, digital world, we are the big game in town.
• The hackers, in whatever form, are coming after us and they
have succeeded.
• We need to wake our management up and make them realise years
of underinvestment and a lack of attention will come back and bite
them.