Top Ten z-OS and RACF Audit Findings
Vanguard’s “Top Ten”
z/OS & RACF Audit Findings
Philip Emrich
Senior Professional Services Consultant
Vanguard Integrity Professionals, Inc.
Federation of Security Professionals Fall Seminar
Toronto, Ontario
03 October 2008
©2008 Vanguard Integrity Professionals, Inc.

Trademarks
• The following are trademarks or registered trademarks of the International Business Machines Corporation® (IBM) or subsidiaries
– IBM®, CICS®, DB2®, Tivoli®, zSeries®,
– z/OS®, OS/390®, MVS, MVS/ESA, MVS/XA
– RACF®, SecureWay®, Security Server
• The following are trademarks and service marks of Vanguard Integrity Professionals™ – Nevada (VANGUARD)
– Vanguard Administrator™, Vanguard Advisor™, Vanguard Analyzer™
– Vanguard Enforcer™, SecurityCenter™, ez/Integrator™, ez/AccessControl™, ez/SignOn™, ez/Token™, PasswordReset™, INCompliance™
– SmartLink™, Find-it-Fix-it-Fast™, RiskMinder™, SmartAssist™, eDistribution™
• Microsoft®, Windows, and the Windows logo are trademarks of Microsoft®
• Java™ and all Java-based trademarks are trademarks of Sun Microsystems, Inc.
• UNIX® is a registered trademark in the United States and other countries licensed exclusively through The Open Group
• CA-ACF2®, CA-Top Secret® are trademarks of Computer Associates International.
• Other company, product, and service names may be the trademarks or service marks of others in the United States, other countries, or both

Agenda
• The Need to Implement Security “Best Practices”
• Vanguard’s Most Frequently Encountered “Top Ten” RACF Audit Findings
• Summary
• Remediation

Business Realities
The Need to Implement Security “Best Practices”
Information Security Compliance is a top organizational initiative
• Laws, Regulations, and Standards require validation of proper implementation of IT internal controls.
• IT Internal Control failures threaten the organization’s image and can carry heavy fines and even executive management imprisonment.
• Cyber-crime activities are a serious threat, and companies are expected to implement all reasonable measures to prevent successful attacks.
• Outside auditors can and do issue sanctions that restrict core business activities based on IT security risks identified in their audits.
Bottom Line: The Information Security organization must be proactive in its efforts to implement and maintain Security “Best Practices” in the enterprise.

Agenda
• The Need to Implement Security “Best Practices”
• Vanguard’s Most Frequently Encountered “Top Ten” RACF Audit Findings
– Identification of each Finding
– Remediation of each Finding
• Summary
• Remediation

Vanguard z/OS and RACF “Best Practices”
• Where do the “Best Practices” come from?
– Vanguard Integrity Professionals Professional Services Consultants
– Based on 20+ Years of Vanguard Experience Performing Hundreds of Audits
• Vanguard Security Exposure “Standards”
– System Entry Exposures
– Resource Access Exposures
• Vanguard RACF Implementation “Standards”

Vanguard’s “Top Ten” Audit Findings Summary
Levels of Risk: Critical, High, Moderate, Low
10. Excessive numbers of Inactive Userids. (Moderate)
9. Production Userid(s) with inappropriate access to all datasets in the z/OS environment. (Critical)
8. Inadequate Security Event Reporting. (Critical)
7. Started Tasks with Inappropriate Privileged or Trusted attributes. (Critical)
6. Sensitive and Critical Dataset Profiles with Universal Access (UACC) greater than READ. (Critical)
5. User entries in the Program Properties Table (PPT) with the Bypass Password Protection (NOPASS) attribute. (Critical)
4. Excessive numbers of Dataset Profiles in WARNING mode. (Critical)
3. Inadequate protection for Authorized Program Facility (APF) Libraries. (Critical)
2. Excessive use of extraordinary RACF attributes. (High)
1. Excessive PROTECTALL(WARNING) or NOPROTECTALL mode. (Critical)

Vanguard z/OS & RACF Audit Finding #10
Finding: Excessive number of Inactive Userids
Explanation: Normally, Inactive Userids should be deleted from the RACF Database after a set number of days of inactivity. An Inactive Userid with extensive access to resources could be re-used inappropriately to access Production data or z/OS infrastructure data.
Risk: Moderate
Recommended Best Practice: Ultimately, delete the Inactive Userids and all of their associated accesses and ownership from the RACF Database.

Vanguard z/OS & RACF Audit Finding #9
Finding: Production Batch Job Userid(s) with inappropriate access to all datasets in the z/OS environment through the RACF OPERATIONS attribute
Explanation: Production Jobs should only have access to datasets associated with the application being processed. The OPERATIONS attribute can grant ALTER access to all datasets in the z/OS environment. All application and z/OS infrastructure data is accessible by any application Production Batch Job Userid.
Risk: Moderate
Recommended Best Practice: Ultimately, remove the RACF OPERATIONS attribute from Production Job Userids and/or the Job Scheduler’s Userid, which in many cases is propagated to all Production Jobs.
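Findings #10 and #9 are both detectable from an inventory of RACF userids. As an added example (not from the Vanguard deck and not a Vanguard product), the Python script below parses text shaped like the output of the RACF LISTUSER command, flags userids idle longer than a threshold (finding #10) and lists userids holding the OPERATIONS attribute (finding #9). The sample output, the userids, the dates, the 3 October 2008 reference date and the 90-day threshold are all constructed assumptions; a never-used userid (LAST-ACCESS=UNKNOWN) is measured from its CREATED date so that dormant new userids are not overlooked.

```python
"""Flag inactive userids (Finding #10) and userids holding OPERATIONS
(Finding #9) from LISTUSER-style output.

Added example: the sample below is constructed to resemble the layout of
RACF LISTUSER output; the userids, dates and the 90-day threshold are
assumptions, not data from any real system or from Vanguard's deck.
"""
from __future__ import annotations

import re
from datetime import date, timedelta

# Reference date for the inactivity calculation (assumed: the seminar date).
AS_OF = date(2008, 10, 3)

# Constructed sample shaped like LISTUSER output for five userids.
SAMPLE_LISTUSER = """\
USER=PRODSCHD NAME=JOB SCHEDULER        OWNER=SYS1     CREATED=05.100
 DEFAULT-GROUP=PROD     PASSDATE=08.250 PASS-INTERVAL= 30 PHRASEDATE=N/A
 ATTRIBUTES=OPERATIONS
 REVOKE DATE=NONE   RESUME DATE=NONE
 LAST-ACCESS=08.276/06:01:12
USER=PRODBAT1 NAME=PAYROLL BATCH        OWNER=PROD     CREATED=06.012
 DEFAULT-GROUP=PROD     PASSDATE=08.200 PASS-INTERVAL= 30 PHRASEDATE=N/A
 ATTRIBUTES=NONE
 REVOKE DATE=NONE   RESUME DATE=NONE
 LAST-ACCESS=08.275/23:45:00
USER=JSMITH   NAME=J SMITH              OWNER=HR       CREATED=07.300
 DEFAULT-GROUP=HR       PASSDATE=08.010 PASS-INTERVAL= 30 PHRASEDATE=N/A
 ATTRIBUTES=NONE
 REVOKE DATE=NONE   RESUME DATE=NONE
 LAST-ACCESS=08.015/11:22:33
USER=OLDADM   NAME=FORMER CONTRACTOR    OWNER=SYS1     CREATED=03.001
 DEFAULT-GROUP=SYS1     PASSDATE=07.100 PASS-INTERVAL= 30 PHRASEDATE=N/A
 ATTRIBUTES=SPECIAL OPERATIONS
 REVOKE DATE=NONE   RESUME DATE=NONE
 LAST-ACCESS=07.120/08:00:00
USER=NEWUSER  NAME=NEVER LOGGED ON      OWNER=HR       CREATED=08.100
 DEFAULT-GROUP=HR       PASSDATE=08.100 PASS-INTERVAL= 30 PHRASEDATE=N/A
 ATTRIBUTES=NONE
 REVOKE DATE=NONE   RESUME DATE=NONE
 LAST-ACCESS=UNKNOWN
"""

JULIAN_RE = re.compile(r"(\d{2})\.(\d{3})")


def parse_julian(text: str) -> date | None:
    """Convert a RACF yy.ddd date to a date (assumes the 20yy century).
    Returns None for non-dates such as UNKNOWN or N/A."""
    m = JULIAN_RE.fullmatch(text)
    if not m:
        return None
    yy, ddd = int(m.group(1)), int(m.group(2))
    return date(2000 + yy, 1, 1) + timedelta(days=ddd - 1)


def parse_listuser(text: str) -> list[dict]:
    """Split LISTUSER-style text into one record per userid."""
    users = []
    for block in re.split(r"(?m)^(?=USER=)", text):
        if not block.strip():
            continue
        userid = re.search(r"USER=(\S+)", block).group(1)
        attrs = re.search(r"ATTRIBUTES=(.*)", block)
        attributes = set(attrs.group(1).split()) if attrs else set()
        attributes.discard("NONE")
        created = re.search(r"CREATED=(\S+)", block)
        last = re.search(r"LAST-ACCESS=(\S+)", block)
        last_text = last.group(1) if last else "UNKNOWN"
        users.append({
            "userid": userid,
            "attributes": attributes,
            "created": parse_julian(created.group(1)) if created else None,
            # LAST-ACCESS carries a time after '/', which is dropped here
            "last_access": parse_julian(last_text.split("/")[0]),
        })
    return users


def inactive_userids(users: list[dict], as_of: date = AS_OF,
                     threshold_days: int = 90) -> list[tuple[str, int]]:
    """Finding #10: userids idle for more than threshold_days as of as_of.

    A userid that has never been used (LAST-ACCESS=UNKNOWN) is measured
    from its CREATED date so that never-used userids are not overlooked."""
    found = []
    for u in users:
        reference = u["last_access"] or u["created"]
        if reference is None:
            continue
        idle_days = (as_of - reference).days
        if idle_days > threshold_days:
            found.append((u["userid"], idle_days))
    return sorted(found, key=lambda item: -item[1])


def operations_userids(users: list[dict]) -> list[str]:
    """Finding #9: userids holding the OPERATIONS attribute, which can grant
    ALTER access to every dataset in the z/OS environment."""
    return [u["userid"] for u in users if "OPERATIONS" in u["attributes"]]


if __name__ == "__main__":
    records = parse_listuser(SAMPLE_LISTUSER)
    for userid, idle in inactive_userids(records):
        print(f"Finding #10: {userid:<8} idle {idle} days")
    for userid in operations_userids(records):
        print(f"Finding #9:  {userid:<8} holds OPERATIONS")
```

On the constructed sample the script reports OLDADM, JSMITH and NEWUSER as inactive and PRODSCHD and OLDADM as holders of OPERATIONS; OLDADM appears in both lists, which is the combination the deck's explanation warns about (a dormant userid with extensive access). In a real review the input would come from the installation's own LISTUSER listings or a RACF database unload rather than from pasted text, and the threshold would be the installation's documented inactivity standard.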