You are previewing Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security.
O'Reilly logo
Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security

Book Description

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z™ Systems hardware and software. In an age of increasing security consciousness and more and more dangerous advanced persistent threats, IBM z Systems™ provides the capabilities to address the needs of today's business security challenges. This publication explores how z Systems hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. We highlight the features of IBM z/OS® and other operating systems, which offer a variety of customizable security elements. We discuss z/OS and other operating systems and additional software that use the building blocks of z Systems hardware to provide solutions to business security needs. We also explore the perspective from the view of an enterprise security architect and how a modern mainframe has to fit into an overarching enterprise security architecture.

This book is part of a three-volume series that focuses on guiding principles for optimized mainframe security configuration within a holistic enterprise security architecture. The series' intended audience includes enterprise security architects, planners, and managers who are interested in exploring how the security design and features of z Systems, the z/OS operating system, and associated software address current issues such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.

Table of Contents

  1. Front cover
  2. Notices
    1. Trademarks
  3. IBM Redbooks promotions
  4. Preface
    1. Authors
    2. Now you can become a published author, too
    3. Comments welcome
    4. Stay connected to IBM Redbooks
  5. Chapter 1. Introduction to major mainframe middleware components
    1. 1.1 Major software infrastructure on z/OS
      1. 1.1.1 Scope of this book
      2. 1.1.2 Overview of major z/OS application middleware
      3. 1.1.3 Major z/OS infrastructure middleware overview
      4. 1.1.4 Logical architecture for middleware on z/OS
      5. 1.1.5 Interfaces and intercommunication
    2. 1.2 Middleware security
      1. 1.2.1 Self-managed
      2. 1.2.2 External security manager
      3. 1.2.3 Exits
      4. 1.2.4 Audit and compliance reporting
    3. 1.3 Considerations for programming, configuration, and performance
    4. 1.4 Logging
      1. 1.4.1 Internal logging and the syslog
      2. 1.4.2 SMF
  6. Chapter 2. Database managers
    1. 2.1 IBM DB2 for z/OS
      1. 2.1.1 Security concepts and architecture
      2. 2.1.2 Guidelines for configuring security
    2. 2.2 IBM Information Management System
      1. 2.2.1 Security concepts and architecture
      2. 2.2.2 Guidelines for configuring security
    3. 2.3 Virtual Storage Access Method
      1. 2.3.1 Security concepts and architecture
      2. 2.3.2 Guidelines for configuring security
  7. Chapter 3. WebSphere Application Servers and web servers
    1. 3.1 IBM WebSphere Application Server overview
    2. 3.2 Security concepts and architecture
      1. 3.2.1 Global security configuration
      2. 3.2.2 SSL/TLS
      3. 3.2.3 Java security
    3. 3.3 Interfaces (transaction systems, databases, IBM MQ, web server, and other adapters)
      1. 3.3.1 WebSphere Message Queue
      2. 3.3.2 Event monitoring and recording (SMF, internal logging)
    4. 3.4 Guiding principles for configuring security
      1. 3.4.1 Common misconfigurations
      2. 3.4.2 Security considerations
  8. Chapter 4. Transaction processing systems
    1. 4.1 IBM CICS Transaction Server
      1. 4.1.1 Security concepts and architecture
      2. 4.1.2 Guiding principles for configuring security
    2. 4.2 IBM Information Management System Transaction Manager
      1. 4.2.1 Security concepts and architecture
      2. 4.2.2 Guiding principles for configuring security
  9. Chapter 5. IBM MQ messaging system
    1. 5.1 IBM MQ security concepts and architecture
      1. 5.1.1 Security setup
      2. 5.1.2 IBM MQ RACF RESLEVEL profile
      3. 5.1.3 IBM MQ resource security
      4. 5.1.4 IBM MQ Security Management
      5. 5.1.5 IBM MQ CICS adapter
      6. 5.1.6 IBM MQ IMS adapter
      7. 5.1.7 Channel security
      8. 5.1.8 Threats and risks
      9. 5.1.9 Event monitoring and recording
    2. 5.2 Guiding principles for configuring security
      1. 5.2.1 Common misconfigurations
      2. 5.2.2 Security considerations
  10. Chapter 6. Session management
    1. 6.1 IBM Session Manager basics
    2. 6.2 Security concepts and architecture
      1. 6.2.1 User authentication
      2. 6.2.2 Static menus
      3. 6.2.3 Security setup
      4. 6.2.4 Session Manager commands
      5. 6.2.5 Session Manager command statements
      6. 6.2.6 Threats and risks
      7. 6.2.7 Event monitoring and recording
    3. 6.3 Guiding principles for configuring security
      1. 6.3.1 Certificate express logon and PassTickets
      2. 6.3.2 Security considerations
      3. 6.3.3 VTAM dump considerations
      4. 6.3.4 Protection of IBM Session Manager libraries and PDSE data sets
  11. Chapter 7. Scheduling systems
    1. 7.1 Tivoli Workload Scheduler for z/OS basics
    2. 7.2 Security concepts and architecture
      1. 7.2.1 Protecting the Workload Scheduler subsystem
      2. 7.2.2 Controlling access to Workload Scheduler
      3. 7.2.3 Event-triggered tracking
      4. 7.2.4 Security exits
      5. 7.2.5 Threats and risks
      6. 7.2.6 Event monitoring and recording
    3. 7.3 Guiding principles for configuring security
      1. 7.3.1 Workload Scheduler applications
      2. 7.3.2 Submitting user IDs
      3. 7.3.3 Protecting JES resources
      4. 7.3.4 Batch and protection of source JCL and code
  12. Related publications
    1. IBM Redbooks
    2. Help from IBM
  13. Back cover