Delivering the best in z services, software, hardware and training.
Delivering the best in z services, skills, security and software.
Network and Endpoint Security
Rui Miguel Feio – Senior Technical Lead
Agenda
• Network and Endpoint Security – what is it?
• Problems and risks
• Impact and cost of a security breach
• How to implement Network and Endpoint Security?
• Endpoint Security management
• Challenges
• Real example of an ineffective implementation
• Online world and Hackers
• Network and endpoint security on the mainframe
Who am I?
RUI MIGUEL FEIO
• Senior Technical Lead at RSM Partners
• Based in the UK but travels all over the world
• 18 years' experience working with mainframes
• Started with IBM as an MVS Sys Programmer
• Specialist in mainframe security
• Experience in other platforms
Technological and Social Evolution
• Society is ever more dependent on technology to function
• There’s a prevalence for storing data in digital format
• Globalisation is not only a socio-economic event, but digital as well (Internet)
Image Source: paleoplan.com
The digital network
Network and Endpoint Security
• Network security refers to technologies and processes that are used to keep digital networks in good, secure working order.
• Endpoint security refers to securing any device that connects to the digital network, from servers to desktops, mobile devices, and any other device that is network-enabled.
• As such, Network and Endpoint Security aims to protect and ensure the normal functioning of the digital network and devices connected to it.
Securing our interests
• We can only secure what we ‘control’:
– Company digital network
– Devices connected to the company’s digital network
• Is this enough? No, we should also consider:
– People
– Business partners
– Service providers
– Physical security
Problems lead to security risks
• Misconfigured hardware/software
• Lack of knowledge and resources
• Default settings
• Human factor
• Cyber criminals
• Systems not up-to-date
• Solutions not fit for purpose
• Lack of interest
• Out of support software/hardware
Have you ever heard of OS/2?
• OS/2 was a computer operating system, initially created by Microsoft and IBM, then later developed by IBM exclusively.
• The first version of OS/2 was released in December 1987 and newer versions were released until December 2001.
• OS/2 went out of support in December 2006.
• OS/2 is still used today by a UK Bank to run one of its critical applications.
• There’s no plan to have it moved to a different platform.
Impact of a Security Breach
• A security breach can have devastating effects on the company:
– Reputation
– Exposure of confidential data and information
– Financial
• It can even compromise the existence of the company
Cost of a security breach
https://www-03.ibm.com/security/infographics/data-breach/
How to Secure?
SECURITY
Processes
Analysis
Education
Review
Monitor
Alerting
Audit & Testing
Improve
Endpoint Security Management
http://cybersec.buzz/endpoint-security-sizzling-however/
The Challenges
Mentalities
When you think you got it right...
On a Pen Test at one of the top 5 US banks:
• Client was convinced they had a top of the art network security system.
• I decided to unplug the Ethernet cable from one of the terminals and connect it to my laptop
• This went without detection
• I was able to run a port scan on the mainframe without detection
• This was just the beginning!!...
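The two signals that went unnoticed in this account (an unfamiliar device on a terminal's network port, then a sweep of ports on one host) can be checked from connection records. The following is an added example, not part of the original slides; the log format, the `KNOWN_MACS` inventory, the addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

KNOWN_MACS = {"00:11:22:33:44:55"}  # constructed asset inventory (assumption)

def parse(line):
    """Split one 'timestamp src_mac src_ip dst_ip dst_port' record."""
    ts, mac, src, dst, port = line.split()
    return datetime.fromisoformat(ts), mac.lower(), src, dst, int(port)

def detect(lines, window=timedelta(seconds=60), max_ports=5):
    """Return (unknown_macs, scans): MACs missing from the inventory, and
    (src, dst) pairs that touched more than max_ports distinct ports on one
    host inside the sliding window."""
    unknown, scans = set(), set()
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, port)
    for line in lines:
        if not line.strip():
            continue
        ts, mac, src, dst, port = parse(line)
        if mac not in KNOWN_MACS:
            unknown.add(mac)
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop observations that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) > max_ports:
            scans.add((src, dst))
    return unknown, scans

def sample_log():
    """Constructed records: a terminal's normal Telnet sessions, then a
    different MAC on the same IP sweeping ports on the same host."""
    normal = ["2017-03-01T09:00:00 00:11:22:33:44:55 10.1.1.20 10.1.9.5 23",
              "2017-03-01T09:30:00 00:11:22:33:44:55 10.1.1.20 10.1.9.5 23"]
    sweep = [f"2017-03-01T10:00:{i:02d} de:ad:be:ef:00:01 10.1.1.20 10.1.9.5 {p}"
             for i, p in enumerate([21, 22, 23, 25, 80, 443, 1414, 3270])]
    return normal + sweep

if __name__ == "__main__":
    unknown, scans = detect(sample_log())
    print("MACs not in inventory:", sorted(unknown))
    print("Possible port scans:", sorted(scans))
```

A sweep spread over more time than the window stays under the threshold, so a second, longer window is needed to catch slow scans.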
Vulnerabilities
24 high risk
25 medium risk
2 low risk
Off With Their Heads!!
The big questions
• Is it enough to protect the company’s digital network and devices?
• Have you considered internal breaches?
• How about the online services you use?
• Is your site really secure?
• Is everyone following the security procedures?
The Online ‘World’
• Most online services (Google, social media, etc.) collect data:
– Type of device (OS, Web browser, device type, etc.)
– Location
• This data can be used to:
– Develop user/company profiles
– Customise ads
– Customise what we see (WYSIWYG)
The Hackers are coming for you
• Companies are a prime target for Hackers
• Social media is a source of information
• Data collected online can be used to compromise your systems
• Hackers have time, patience, and in many cases, resources
• It’s not a matter of if you will be hacked, it’s a matter of what you will do when you are
Hackers’ resources
Social engineering
http://www.social-engineer.org/social-engineering/social-engineering-infographic/
Network and Endpoint security on the mainframe
• SERVAUTH class:
– STACK
– PORT
– NET ACCESS
• Policy Agent
• AT-TLS
• IPSEC
• IP Filtering
• Intrusion Detection Services
• Defence Manager Daemon
• Traffic Regulation Management Daemon
• Syslog Daemon (SyslogD)
• SNA environment
• Enterprise Edition (EE) connections: make sure you know who they are connected to and what access the 3rd parties have
• Internal Telnet connections
Mainframe – What else?
• Implement alerting systems (IBM zSecure, Vanguard, …)
• Monitoring systems
• Perform on a regular basis:
– Security audits
– Penetration tests
– Security remediations
– Recertification
• Review processes and procedures
• Educate and train your resources
Before we go, a quick review
• Review your security policies across the board
• Review your technological estate
• Provide regular training and awareness
• Keep your systems up-to-date
• Segregate and do not allow devices that do not meet the minimum security requirements
• Perform regular security audits, and pen tests
• Pay special attention to default settings
• Always assume you’ve already been hacked!
Questions?
Contact
Rui Miguel Feio, RSM Partners
ruif@rsmpartners.com
mobile: +44 (0) 7570 911459
www.rsmpartners.com
www.linkedin.com/in/rfeio

Network and Endpoint Security v1.0 (2017)