book

Mainframe Basics for Security Professionals: Getting Started with RACF

Name: Mainframe Basics for Security Professionals: Getting Started with RACF
ISBN: 9780137137596

by Ori Pomerantz, Barbara Vander Weele, Mark Nelson, Tim Hahn

December 2007

Beginner

192 pages

3h 40m

English

IBM Press

Read now

Unlock full access

Copyright
Dedication
IBM Press
Rational and Software DevelopmentComputingInformation ManagementWebSphereLotusOpen SourceBusiness Strategy & Management
Foreword
Preface
Acknowledgments
About the Authors
1. Introduction to the Mainframe
1.1. Why Use a Mainframe?1.1.1. A Little History1.1.2. Why Are Mainframes Different?1.1.3. Mainframe vs. Client/Server1.2. Getting Started1.2.1. What You Will Need1.2.2. Logging in to the Mainframe1.2.3. “Hello, World” from TSO1.3. Job Control Language (JCL)1.3.1. Introduction to JCL1.3.2. Data Sets1.3.3. Using ISPF to Create and Run Batch Jobs1.3.3.1. Data Set Creation1.3.3.2. Editing Data Set Members1.3.4. JCL Syntax1.3.5. Viewing the Job Output1.3.5.1. Filtering Jobs1.4. z/OS UNIX System Services1.5. Getting Help1.5.1. Context-Sensitive Help1.5.1.1. TSO1.5.1.2. ISPF1.5.1.3. OMVS1.5.2. The Manuals1.6. Additional Information
2. Users and Groups
2.1. Creating a User2.2. How to Modify a User for OMVS Access2.2.1. Modifying the User2.2.2. Creating the OMVS Home Directory (and Modifying Users from TSO)2.2.3. Verifying MYUSER Has OMVS Access2.3. Groups2.3.1. Searching Groups2.3.2. Displaying a Group2.3.3. Connecting Users to a Group2.4. zSecure2.5. Additional Information
3. Protecting Data Sets and Other Resources
3.1. Protecting Data Sets3.1.1. Default Permissions3.1.2. Access Control List Permissions3.1.3. Project Groups and Generic Profiles3.2. Other Resources3.2.1. Gathering Information3.2.2. Activating UNIXPRIV3.2.3. Delegating chown Privileges3.2.4. Verifying the Change3.2.5. Deleting Resource Profiles3.3. Security Data (Levels, Categories, and Labels)3.3.1. Defining the Policy3.3.1.1. Security Levels3.3.1.2. Categories3.3.2. Assigning Security Levels and Categories3.3.3. Security Labels (SECLABELs)3.4. Securing UNIX System Services (USS) Files3.5. zSecure3.6. Additional Information
4. Logging
4.1. Configuring Logging4.1.1. SMF Configuration4.1.2. RACF Configuration4.2. Generating Reports4.2.1. Unloading Log Data to Sequential Text Files4.2.2. Understanding Sequential Reports4.2.3. Generating Reports with ICETOOL4.2.4. Other Types of Reports4.3. UNIX System Services (USS) Logging4.3.1. Classes for USS Logging4.3.2. SMF Settings for USS4.3.3. Specifying Logging in USS4.3.4. Viewing the USS Log Records4.4. Logging in zSecure4.5. Additional Information

5. Auditing
5.1. Auditing5.2. The RACF Data Security Monitor (DSMON)5.2.1. Running DSMON5.2.2. The System Report5.2.3. The Program Properties Table Report5.2.4. The RACF Authorized Caller Table (ICHAUTAB) Report5.2.5. The RACF Exits Report5.2.6. The Selected User Attribute Report5.2.7. The Selected Data Sets Report5.3. The Set RACF Options (SETROPTS) Command5.4. The RACF Database Unload Utility (IRRDBU00)5.4.1. Removing IDs with IRRRID005.5. The RACF Health Checks5.5.1. RACF_SENSITIVE_RESOURCES5.5.2. RACF_IBMUSER_REVOKED5.5.3. RACF Classes Active Health Checks5.6. zSecure Auditing5.7. Additional Information
6. Limited-Authority RACF Administrators
6.1. Profiles Owned by Users6.2. Group-Owned Profiles and Group Authorities6.2.1. The group-AUDITOR Authority6.2.2. The group-SPECIAL Authority6.2.3. The group-OPERATIONS Authority6.3. System-Level Authorities6.4. Manipulating Users6.4.1. Creating Users6.4.1.1. Permitting MYUSER Access to the TSO Segment6.4.1.2. Creating the New TSO Segment6.4.2. Manipulating Users6.5. Additional Information
7. Mainframes in the Enterprise-Wide Security Infrastructure
7.1. What Is an Enterprise?7.1.1. Enterprise Components7.1.2. Security across Enterprise Components7.1.3. Communication Protocols7.2. Enterprise Security Administration7.2.1. Authentication and Authorization7.2.2. Credential Propagation and Transformation7.3. Communicating between Enterprises—and Beyond7.4. Additional Information

Overview

Leverage Your Security Expertise in IBM^® System z™ Mainframe Environments

For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX^®, Linux^®, or Windows^®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments.

Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS^® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos.

The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments.

Coverage includes

Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation

Creating, modifying, and deleting users and groups

Protecting data sets, UNIX file system files, databases, transactions, and other resources

Manipulating profiles and managing permissions

Configuring the mainframe to log security events, filter them appropriately, and create usable reports

Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them

Creating limited-authority administrators: how, when, and why

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Reduce Risk and Improve Security on IBM Mainframes: Volume 2 Mainframe Communication and Networking Security

Publisher Resources

ISBN: 9780137137596Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills