Muutke küpsiste eelistusi

IBM Mainframe Security: Beyond the BasicsA Practical Guide from a z/OS and RACF Perspective [Pehme köide]

4.00/5 (2 hinnangut Goodreads-ist)
  • Formaat: Paperback / softback, 224 pages, kõrgus x laius x paksus: 229x178x13 mm, kaal: 358 g
  • Ilmumisaeg: 30-Sep-2013
  • Kirjastus: MC Press, LLC
  • ISBN-10: 1583478280
  • ISBN-13: 9781583478288
Teised raamatud teemal:
IBM Mainframe Security: Beyond the BasicsA Practical Guide from a z/OS and RACF PerspectiveSuurem pilt
  • Formaat: Paperback / softback, 224 pages, kõrgus x laius x paksus: 229x178x13 mm, kaal: 358 g
  • Ilmumisaeg: 30-Sep-2013
  • Kirjastus: MC Press, LLC
  • ISBN-10: 1583478280
  • ISBN-13: 9781583478288
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9781583478288.html

Rather than rehashing basic information—such as command syntax—already available in other publications, this book focuses on important security and audit issues, business best practices, and compliance, discussing the important issues in IBM mainframe security. Mainframes are the backbone of most large IT organizations; security cannot be left to chance. With very little training available to the younger crowd, and older, more experienced personnel retiring or close to retiring, there is a need in mainframe security skills at the senior level. Based on real-life experiences, issues, and solutions to mainframe security from the author’s three decades of practical experience as a mainframe security practitioner, this book fulfills that need.

Introduction 1(6)
Part One Securing Business Data
Chapter 1 How the Mainframe Provides Security
7(6)
How RACF Does Access Checking
9(1)
The RACF Access Checking Diagram
10(3)
Chapter 2 RACF Special Privileges
13(6)
Logging Special Privilege Activities
14(1)
Mitigating the Risk of Special Privileges
15(1)
Alternatives to the OPERATIONS Privilege
16(1)
Summary
17(2)
Chapter 3 The Data Security Monitor (DSMON)
19(10)
How to Produce DSMON Reports
20(1)
Understanding DSMON Reports
20(8)
Summary
28(1)
Chapter 4 Security Event Logging and Auditing
29(10)
Auditing User Activity
31(1)
Auditing Resources at the Profile Level
31(1)
Using the GLOBALAUDIT Operand
32(1)
Auditing Resources at the Class Level
32(2)
Auditing Users with Special Privileges
34(1)
Auditing Profile Changes
34(1)
Auditing Failures to RACF Commands
35(1)
RACF Automatic Loggings
35(1)
The Importance of Security Log Retention
35(2)
Summary
37(2)
Chapter 5 The Global Access Checking (GAC) Table
39(10)
The Benefits of GAC
40(1)
The Security Concerns of GAC
40(1)
Implementing GAC
41(1)
Mitigating the Security Risks of GAC
42(2)
The Benefits of GAC Mirror Profiles
44(1)
Good Candidates for GAC Processing
45(1)
Summary
46(3)
Chapter 6 Understanding the FACILITY Class
49(6)
Storage Administration Profiles
50(1)
z/OS UNIX Profiles
50(1)
RACF Profiles
50(1)
Other Profiles
51(1)
Security Administration of FACILITY Class Profiles
51(1)
The FACILITY Class's Documentation
52(1)
Third-Party Vendor Products
52(1)
In-House Developed Products
52(1)
FACILITY Class Profiles: A Word of Caution
52(3)
Chapter 7 The Benefits of the SEARCH Command
55(6)
Creating RACF Commands
55(1)
Cleaning Up the RACF Database
56(1)
Listing Profiles, User IDs, and Groups
57(1)
Revoking User IDs
57(1)
Finding Duplicate UIDs and GIDs
58(1)
Searching a User's Access to Profiles
59(1)
Finding Discrete Profiles
59(1)
Summary
59(2)
Chapter 8 WARNING Mode and Its Implications
61(4)
The Proper Use of WARNING Mode
62(1)
The Incorrect Use of WARNING Mode
63(1)
Finding All Profiles in WARNING Mode
63(1)
Make Sure WARNING Mode Is Justified
64(1)
Remove WARNING Mode Where Inappropriate
64(1)
Summary
64(1)
Chapter 9 Understanding z/OS UNIX Security
65(10)
How z/OS UNIX Security Works
66(1)
Planning for z/OS UNIX Security
67(1)
Unique UIDs and GIDs Recommended
68(1)
The SUPERUSER Privilege
69(1)
Auditing z/OS UNIX
70(1)
Implementing z/OS UNIX Controls
71(1)
FACILITY Class Considerations
71(2)
UNIXPRIV Class Considerations
73(1)
Other z/OS UNIX Considerations
73(2)
Chapter 10 The Benefits of RACF Commands in Batch Mode
75(6)
Capturing the Results of RACF Commands
76(1)
Automating a Process
77(1)
Performing an Action Repeatedly
77(1)
Entering Groups of RACF Commands
78(1)
When Batch Mode Is the Only Method
79(1)
Summary
79(2)
Chapter 11 Security Administration: Beyond the Basics
81(22)
Doing It Right the First Time
82(2)
Being Inquisitive
84(2)
Understanding RACF User Profile Segments
86(1)
What Is a RACF Discrete Profile?
87(1)
What Are Undefined RACF User IDs?
88(1)
Universal Access (UACC) Considerations
89(1)
The Restricted Attribute
90(1)
Disaster Recovery Considerations
90(1)
What Are RACF "Grouping Classes"?
91(1)
What Is RACF "Undercutting"?
92(1)
What Is a RACF "Back-Stop" Profile?
92(1)
Why User IDs Must Not Be Shared
93(1)
Granting Temporary Access to Resources
94(1)
Creating "Fully-Qualified" Generic Profiles
94(1)
Specifying Strong Passwords
95(1)
RACF Global Options
96(3)
Summary
99(4)
Part Two Securing The Z/Os Operating System
Chapter 12 APF-Authorized Libraries
103(6)
What Is the Risk?
103(1)
Finding APF-Authorized Libraries
104(1)
How Do You Mitigate This Risk?
105(2)
Summary
107(2)
Chapter 13 The System Management Facility (SMF)
109(4)
What Is the Risk?
110(1)
How Do You Mitigate This Risk?
110(2)
Summary
112(1)
Chapter 14 Operating System Data Sets
113(6)
System Parameter Libraries
113(2)
System Catalogs
115(1)
Assorted Operating System Data Sets
116(1)
Summary
117(2)
Chapter 15 RACF Databases
119(4)
What Is the Risk?
119(1)
How Do You Mitigate This Risk?
120(2)
Summary
122(1)
Chapter 16 RACF Exits
123(4)
What Is the Risk?
124(1)
How Do You Mitigate This Risk?
124(2)
Summary
126(1)
Chapter 17 System Exits
127(4)
What Is the Risk?
128(1)
How Do You Mitigate This Risk?
128(1)
Summary
128(3)
Chapter 18 Started Procedures
131(6)
What Is the Risk?
132(1)
How Do You Mitigate This Risk?
133(2)
Summary
135(2)
Chapter 19 Tape Bypass Label Processing (BLP)
137(4)
What Is the Risk?
137(2)
How Do You Mitigate This Risk?
139(1)
Summary
139(2)
Chapter 20 The SYS1.UADS Data Set
141(6)
A Brief History of SYS1.UADS
142(1)
How SYS1.UADS Works with RACF
143(1)
Keeping SYS1.UADS Current
144(1)
Summary
145(2)
Chapter 21 The System Display and Search Facility (SDSF)
147(4)
What Is the Risk?
147(1)
How Do You Mitigate This Risk?
148(3)
Chapter 22 The Program Properties Table (PPT)
151(4)
What Is the Risk?
151(1)
How Do You Mitigate This Risk?
152(3)
Chapter 23 Special-Use Programs
155(4)
What Is the Risk?
156(1)
How Do You Mitigate This Risk?
156(3)
Part Three Security Infrastructure Matters
Chapter 24 Application and Batch ID Security
159(4)
Segregate Production from Non-Production
159(1)
Batch IDs Must Not Share Application Data
160(1)
Production JCL Must Not Refer to Personal Data Sets
160(1)
Be Careful About SURROGAT Class Access
161(1)
Restrict Direct Update Access to Production Data
162(1)
Chapter 25 Security Architecture
163(6)
Internal Vs. External Security
164(1)
The Benefits of External (RACF) Security
165(1)
Centralized Security or Decentralized Security?
166(3)
Chapter 26 The RACF Unload Database
169(8)
How It Was Done Before
170(1)
Creating the RACF Unload Database
170(1)
The Benefits of the RACF Unload Database
171(1)
The Uses of the RACF Unload Database
171(2)
Getting Quick Answers Using TSO
173(3)
Summary
176(1)
Chapter 27 Increasing Your Productivity
177(8)
Use REXX and CLISTs
178(1)
Learn More About ISPF Edit Capabilities
178(2)
Join Online User Groups
180(1)
Find a Mentor
180(1)
Use RACF Help Functions
181(1)
Use Online Manuals
181(1)
Get Free Utilities
182(1)
Subscribe to Vendor Publications
182(1)
Use Native RACF Commands
183(1)
Learn DFSORT
183(1)
Summary
183(2)
Chapter 28 Security Compliance
185(2)
Chapter 29 Security Best Practices
187(10)
Implement Role-Based Security
188(2)
Periodically De-Clutter Your Security Database
190(1)
Handle Employee Transfers and Terminations As They Occur
190(1)
Identify Your Important Data
191(1)
Assign Ownership to All Data
192(1)
Keep All Security Within RACF
193(1)
Log Accesses to Important Data
193(1)
Conduct Periodic Reviews of All Access Rights
193(1)
Implement Change Management for Production JCL
194(1)
Report and Monitor Security Activities
195(1)
Implement Segregation of Duties
196(1)
Require Approval Before Granting Access
196(1)
Summary
196(1)
Chapter 30 Security Add-On Products
197(4)
The Benefits of RACF Add-On Products
198(1)
Simplified Security Administration
199(1)
Security Monitoring
199(1)
Password Resets
200(1)
Security Reporting
200(1)
Security Compliance and Enforcement
200(1)
Summary
200(1)
Epilogue 201(2)
Index 203