Book description
Today's computing environment is subject to increasing regulatory pressures and potentially malicious attacks.
Regulatory compliance, security, and audit are in the daily headlines and growing more prominent. The security of the information with which you have been entrusted has never been more critical. The reality of compliance is too complex.
Compliance demands that you work carefully to set up a strong, comprehensive set of policies and controls. That means controls that consider operational data, financial data, unstructured data, spreadsheets, e-mail, and business intelligence data.
We have a responsibility to secure all business data and especially sensitive customer data. Security can be difficult to manage. IBM DB2 for z/OS already resides on one of the most secure platforms in the industry. IBM System z servers are routinely used by enterprises around the world to support their mission-critical applications. The mainframe's strengths in security stem in part from its history of supporting sensitive data for large enterprises, resulting in security features being built into its design for many decades. It also benefits from a system-wide approach with security capabilities built into the hardware, operating systems, databases, key middleware and more. Its highly evolved layers and security management components give it a fundamental advantage over other systems.
Table of contents
- Notices
- Preface
- Summary of changes
- Chapter 1: What is new in security
- Chapter 2: Security labels
  - Security labels and data classification policies
  - Mandatory access control
  - Discretionary access control
  - Security levels and security categories
  - Defining security labels
  - Authorizing users to access security labels
  - Using security labels
  - Comparing security labels
  - Security label authorization checking
  - Using system-specific security labels in a sysplex
  - Summary
- Chapter 3: MLS
- Chapter 4: Vanguard solution
- Chapter 5: MLS as applied to TCP/IP communications
- Chapter 6: DB2 access control overview
- Chapter 7: DB2 and multilevel security
- Chapter 8: Network trusted contexts and roles
  - Existing challenges
  - Network trusted context
  - Roles (1/2)
  - Roles (2/2)
  - Trusted contexts, roles, and MLS
  - Challenges addressed by roles and trusted contexts
  - Role ownership of objects
  - Communicating with other systems
  - Roles and secondary authids
  - IFCID support for trusted contexts and roles
  - Examples of roles and trusted contexts
    - Already verified DRDA requests into a DB2 server
    - View maintenance on behalf of another user
    - View maintenance on a view whose schema is not a user ID
    - Backing up a DBA, assuming the identity of another user ID
    - Securing DBA activities (1/2)
    - Securing DBA activities (2/2)
    - Using a temporary SYSADM role during major ERP release implementation
    - Reducing risk of a table being dropped by another person
    - Limiting salary updates from a single source
  - Summary
- Chapter 9: A WebSphere implementation
- Chapter 10: RACF access control module
  - z/OS environment
  - Scenarios
    - Scenario 1: SETR MLS not active
    - Scenario 2: SETR MLS active
    - Scenario 3: SETR MLS not active, RACF profile protection used
    - Scenario 4: SETR MLS not active, RACF profile protection with SECLABELs in profiles
    - Scenario 5: SETR MLS active, RACF profile protecting without SECLABELs in profile
    - Scenario 6: SETR MLS and SETR MLACTIVE active, RACF profile protection
    - Scenario 7: SETR MLS active, RACF profile protection used with special SECLABELs in profiles
  - Conclusion
- Appendix A: Trusted context syntax (1/3)
- Appendix A: Trusted context syntax (2/3)
- Appendix A: Trusted context syntax (3/3)
- Appendix B: RACF options that control the use of security labels
- Appendix C: Enterprise Identity Mapping
- Related publications
- Index (1/3)
- Index (2/3)
- Index (3/3)
- Back cover
Product information
- Title: Securing DB2 and Implementing MLS on z/OS
- Author(s):
- Release date: April 2007
- Publisher(s): IBM Redbooks
- ISBN: None