Mainframe Basics for Security Professionals: Getting Started with RACF
by Pomerantz, Ori; Vander Weele, Barbara; Nelson, Mark E.; Hahn, Tim
Note: Supplemental materials are not guaranteed with Rental or Used book purchases.
- ISBN: 9780131738560 | 0131738569
- Cover: Hardcover
- Copyright: 12/28/2007
The security professional's introduction to, and ongoing reference for, mainframe security.
Ori Pomerantz has been securing computer networks, and teaching other people to do so, since 1995. Since joining IBM in 2003, he has written classes on several Tivoli security products, including IBM Tivoli zSecure.
Barbara Vander Weele, a software engineer at IBM, has developed and presented education material on provisioning, security, storage, and business technologies for IBM Worldwide Education.
Mark Nelson, Senior Software Engineer at IBM, is a twenty-year veteran of the RACF design team and a frequent speaker on RACF and z/OS security-related topics.
Tim Hahn, IBM Distinguished Engineer, has been with IBM for seventeen years. He is Chief Architect for Secure Systems and Networks within the IBM Software Group Tivoli organization.
Foreword
Preface
Acknowledgments
About the Authors
Introduction to the Mainframe
Why Use a Mainframe?
A Little History
Why Are Mainframes Different?
Mainframe vs. Client/Server
Getting Started
What You Will Need
Logging in to the Mainframe
"Hello, World" from TSO
Job Control Language (JCL)
Introduction to JCL
Data Sets
Using ISPF to Create and Run Batch Jobs
JCL Syntax
Viewing the Job Output
z/OS UNIX System Services
Getting Help
Context-Sensitive Help
The Manuals
Additional Information
Users and Groups
Creating a User
How to Modify a User for OMVS Access
Modifying the User
Creating the OMVS Home Directory (and Modifying Users from TSO)
Verifying MYUSER Has OMVS Access
Groups
Searching Groups
Displaying a Group
Connecting Users to a Group
zSecure
Additional Information
Protecting Data Sets and Other Resources
Protecting Data Sets
Default Permissions
Access Control List Permissions
Project Groups and Generic Profiles
Other Resources
Gathering Information
Activating UNIXPRIV
Delegating chown Privileges
Verifying the Change
Deleting Resource Profiles
Security Data (Levels, Categories, and Labels)
Defining the Policy
Assigning Security Levels and Categories
Security Labels (SECLABELs)
Securing UNIX System Services (USS) Files
zSecure
Additional Information
Logging
Configuring Logging
SMF Configuration
RACF Configuration
Generating Reports
Unloading Log Data to Sequential Text Files
Understanding Sequential Reports
Generating Reports with ICETOOL
Other Types of Reports
UNIX System Services (USS) Logging
Classes for USS Logging
SMF Settings for USS
Specifying Logging in USS
Viewing the USS Log Records
Logging in zSecure
Additional Information
Auditing
Auditing
The RACF Data Security Monitor (DSMON)
Running DSMON
The System Report
The Program Properties Table Report
The RACF Authorized Caller Table (ICHAUTAB) Report
The RACF Exits Report
The Selected User Attribute Report
The Selected Data Sets Report
The Set RACF Options (SETROPTS) Command
The RACF Database Unload Utility (IRRDBU00)
Removing IDs with IRRRID00
The RACF Health Checks
RACF_SENSITIVE_RESOURCES
RACF_IBMUSER_REVOKED
RACF Classes Active Health Checks
zSecure Auditing
Additional Information
Limited-Authority RACF Administrators
Profiles Owned by Users
Group-Owned Profiles and Group Authorities
The group-AUDITOR Authority
The group-SPECIAL Authority
The group-OPERATIONS Authority
System-Level Authorities
Manipulating Users
Creating Users
Manipulating Users
Additional Information
Mainframes in the Enterprise-Wide Security Infrastructure
What Is an Enterprise?
Enterprise Components
Security across Enterprise Components
Communication Protocols
Enterprise Security Administration
Authentication and Authorization
Credential Propagation and Transformation
Communicating between Enterprises - and Beyond
Additional Information
Index
Table of Contents provided by Ingram. All Rights Reserved.