Introduction to Mainframe Security v2.5
Duration
5 hours
Overview
This course provides the learner with a basic understanding of z/OS security. It introduces basic security concepts as they relate to z/OS, including the reasons for security, physical security and the Logon ID. It covers both traditional z/OS security issues such as data set protection and TSO/E, together with recent developments including LDAP and passphrases. Sections on security auditing, event recording, and a detailed explanation of the Authorized Program Facility (APF) are also covered.
Audience
Introductory modules are provided for any personnel requiring an introduction to mainframe security for z/OS, z/VM or z/VSE. Later modules are specifically for security administrators and z/OS system auditors
Prerequisites
Successful completion of the following Interskill courses:
- IBM (z/OS) – The Evolving Mainframe
- IBM (z/OS) – Working with the Mainframe
Objectives
After completing this course, the student will be able to:
- Describe the resources that need to be secured on the mainframe
- Explain the role of External Security Managers
- Describe the purpose of the Logon ID
- Identify the z/OS system products used for recording security-related data
- Describe z/OS security audit requirements
- Describe how the Authorized Program Facility is used to secure sensitive services
Course Content
Mainframe Security Basics
How secure are mainframes?
Mainframe resources to secure
Security requirements for consoles, files and data sets
Network access and encryption
Roles of External Security Managers for z/OS, z/VM, z/VSE and Linux on System z
z/OS Security Administration
Function of the Logon ID
Logon ID management
Securing data sets and z/OS UNIX files
Controlling access to TSO/E, IMS, CICS, and databases
Security software features
Security administration tools
z/OS Security Auditing and Recording
How the Operlog, Syslog, syslogd and IMS logs are used
Purpose of the z/OS Systems Monitoring Facility (SMF)
SMF record types
z/OS security auditing requirements
Internal and external audits
z/OS auditing tools
z/OS Authorized Program Facility
Why APF is required
How a task becomes APF authorized
Achieving APF authorization
Listing APF Authorized Libraries
z/OS UNIX APF Authorization
Securing APF Data
Special Logons