Book description
This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM System z® hardware and software. In an age of increasing security consciousness, IBM System z provides the capabilities to address the needs of today's business security challenges. This publication explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. This book highlights the features of IBM z/OS® and other operating systems, which offer various customizable security elements under the Security Server and Communication Server components. This book describes z/OS and other operating systems and additional software that leverage the building blocks of System z hardware to provide solutions to business security needs.
This publication's intended audience is technical architects, planners, and managers who are interested in exploring how the security design and features of System z, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.
Table of contents
- Front cover
- Notices
- IBM Redbooks promotions
- Preface
- Part 1 Direction and architecture
- Chapter 1. Introduction: Why these books are being written
- Chapter 2. Foundation of a holistic security architecture
- Chapter 3. Mainframe security architecture in the enterprise
- Chapter 4. Hardware components
- Chapter 5. Software components
- 5.1 Operating systems
- 5.2 z/OS functions
- 5.2.1 Initial program load
- 5.2.2 Master scheduler
- 5.2.3 The link pack area
- 5.2.4 System parameters
- 5.2.5 Linklist
- 5.2.6 Job entry subsystem
- 5.2.7 Job Control Language
- 5.2.8 Procedures and tasks
- 5.2.9 Time Sharing Option
- 5.2.10 ISPF
- 5.2.11 Data sets
- 5.2.12 Catalog
- 5.2.13 Input/output processing
- 5.2.14 Storage management
- 5.2.15 SDSF
- 5.2.16 System Management Facility
- 5.2.17 Resource Measurement Facility
- 5.2.18 System logger
- 5.2.19 UNIX System Services
- 5.2.20 Software delivery
- 5.2.21 SMP/E
- 5.2.22 Cross-system coupling facility
- 5.2.23 z/OS Security Server
- 5.2.24 Language Environment
- 5.3 Network functions
- 5.4 Application software
- 5.5 ISV/OEM software
- 5.6 Conclusion
- Chapter 6. Security solutions for IBM System z
- 6.1 IBM InfoSphere Guardium for z/OS
- 6.2 IBM Security zSecure Suite
- 6.3 IBM Security QRadar
- 6.3.1 IBM Security QRadar Log Manager
- 6.3.2 IBM Security QRadar SIEM
- 6.3.3 IBM Security QRadar Risk Manager
- 6.3.4 IBM Security QRadar QFlow for network and application activity monitoring
- 6.3.5 IBM Security QRadar VFlow for virtual activity monitoring
- 6.3.6 IBM Security QRadar Vulnerability Manager
- 6.3.7 IBM Security QRadar Network Anomaly Detection
- 6.3.8 Integration of QRadar SIEM with z/OS
- 6.4 IBM Security Key Lifecycle Manager
- 6.5 IBM Enterprise Key Management Foundation
- 6.6 Encryption Facility for z/OS
- 6.7 IBM Security AppScan
- 6.8 IBM Security Access Manager
- 6.9 IBM Security Identity Manager
- 6.10 Federated Identity Management
- 6.11 Conclusion
- Part 2 Guiding principles for IBM System z security
- Chapter 7. Organizing for security
- 7.1 The mainframe infrastructure does not exist alone
- 7.2 Security policy definition and implementation
- 7.3 Security design
- 7.4 Continuous improvement
- 7.5 System z audits
- 7.6 Monitoring, alerting, and forensics
- 7.7 Access creep
- 7.8 The purpose of security
- 7.9 Types of security controls
- 7.10 Standards-based approach
- 7.11 Security engineering
- 7.12 Conflicts of interest
- 7.13 Proving that security controls work
- 7.14 IBM services to help you
- 7.15 Decision time
- 7.16 Conclusion
- Chapter 8. IBM System z hardware
- 8.1 Physical access controls
- 8.2 Hardware Management Console and Support Element
- 8.3 Input and output configuration
- 8.4 Terminals and printers
- 8.5 Storage devices
- 8.6 Tape libraries and removable media
- 8.7 Network adapters
- 8.8 Other peripheral devices
- 8.9 Logging and auditing for hardware
- 8.10 Conclusion
- Chapter 9. IBM z/OS security
- 9.1 Introduction
- 9.2 z/OS settings
- 9.3 z/OS system routines
- 9.4 z/OS component protection
- 9.4.1 UACC
- 9.4.2 RACF database
- 9.4.3 Master catalog
- 9.4.4 SYS1.PARMLIB
- 9.4.5 System data sets
- 9.4.6 System page data sets
- 9.4.7 System dump data sets
- 9.4.8 SYS1.STGINDEX
- 9.4.9 SYS1.LOGREC
- 9.4.10 SMF data sets
- 9.4.11 System linklist
- 9.4.12 System LPALIST
- 9.4.13 APF-authorized libraries
- 9.4.14 System log
- 9.5 The IBM Health Checker for z/OS
- 9.6 RACF settings
- 9.6.1 INITSTATS
- 9.6.2 SAUDIT
- 9.6.3 CMDVIOL
- 9.6.4 OPERAUDIT
- 9.6.5 AUDIT classes
- 9.6.6 GLOBAL classes
- 9.6.7 Enhanced Generic Naming
- 9.6.8 BATCHALLRACF
- 9.6.9 PROTECTALL
- 9.6.10 Tape data set protection
- 9.6.11 Erase on scratch
- 9.6.12 Inactive user ID revocation
- 9.6.13 Password management
- 9.6.14 GENERICOWNER
- 9.6.15 Multi-level security options
- 9.7 JCL procedures
- 9.8 UNIX System Services
- 9.9 DFSMS
- 9.9.1 Placing data sets
- 9.9.2 Naming standards for data sets
- 9.9.3 Managing storage volumes
- 9.9.4 Backup and recovery processes for data sets
- 9.9.5 Removing unwanted data sets
- 9.9.6 Migrating data sets on a use frequency basis
- 9.9.7 Installing storage devices and migrating data sets to those devices
- 9.9.8 Disposing old storage devices
- 9.10 JES and SDSF
- 9.11 TSO/E
- 9.12 Integrated Cryptographic Service Facility
- 9.13 Started procedures
- 9.14 Special procedures for privileged users
- 9.15 Multiple LPARs and shared DASD
- 9.16 Conclusion
- Chapter 10. IBM z/VM security
- Chapter 11. Linux on System z security
- Related publications
- Back cover
- IBM System x Reference Architecture for Hadoop: IBM InfoSphere BigInsights Reference Architecture
- Introduction
- Business problem and business value
- Reference architecture use
- Requirements
- InfoSphere BigInsights predefined configuration
- InfoSphere BigInsights HBase predefined configuration
- Deployment considerations
- Customizing the predefined configurations
- Predefined configuration bill of materials
- References
- The team who wrote this paper
- Now you can become a published author, too!
- Stay connected to IBM Redbooks
- Notices
Product information
- Title: Security on the IBM Mainframe: Volume 1 A Holistic Approach to Reduce Risk and Improve Security
- Author(s):
- Release date: December 2014
- Publisher(s): IBM Redbooks
- ISBN: None