Author Archives: Boris Kemp

15 rules to protect IBM Mainframe Systems from hacking!

15 rules to protect IBM Mainframe Systems from hacking
Posted by · filed under Data Center News

Even the securest IBM Z installations in top security environments are
exposed to hacking threats that are underestimated, downplayed or simply
unknown to most mainframe operations and security teams.
What is your risk
exposure, what methods social hackers are using and what are recommended steps
to protect yourself from those dangers
?

Can an IBM z/OS mainframe be hacked? The answer is a simple “yes”.

A current Bitkom study even reports on the attack target of the German economy, the current “Spiegel” (one of the biggest german News-magazines) even reports on a “network with big holes”.

For instance a hacker group infiltrated 2012 multiple z/OS Mainframe Systems in Sweden, gained access to the RACF-Database and brute-force decrypted over 100.000 RACF account passwords. Plus they installed backdoors with permanent access without even needing passwords.
Sensitive data was lost or revealed and a funds were transferred from the bank to private accounts.

So what has changed?

As simple as it may sounds: your mainframe is connected to the world and there is interest in your mainframe! Not from script kiddies, but from semi-professional and professional hacker groups and even companies.  And mainframe hacking tools are today available as open source free to use for everybody.
 
So what you can do to protect your IBM Mainframe?

  1. Don‘t trust that your mainframe is secure
  2. Use common sense  security measures *)
  3. Use Identity & Access Management Software‘s standard security features to protect you
  4. Monitor access to your systems
  5. Collect logs & review them
  6. Conduct regular security audits
  7. Implement recommended NIST STIGs
  8. Be informed about security threats of the deployed mainframe software
  9. Execute a mainframe penetration test

    On the subject of “social hacking”*

  10. Make yourself clear, that there are social hackers!
  11. Build awareness inside your company and team
  12. Define rules, how to act in case of calls, and what information can be given
  13. Limit the information you give out in calls or without calling back
  14. Be suspicious and ask for clear identification of the person talking to you.
  15. As a rule of thumb: Always call back!

Do you want to know more?

All this
and the nifty details of the 2012 mainframe hack and your risk exposure will be
covered in our 60 min. Webinar “Hacking the Mainframe”. It includes information
on hacker practices based on a real life example and provides you with
recommendations and solutions how to protect your most viable information and
your mainframe security.

Sign up for “Hacking the Mainframe” Webinar here:

Reinsured Customers Thanks to Automated Data Reconciliation

Reinsured Customers Thanks to Automated Data Reconciliation

Automated data reconciliation implemented at a major Canadian bank.

When Oscar Peterson (who died in 2007) wrote the song “My Personal Touch,” most people probably thought the title was referring to the piano keys he so skillfully caressed. But that’s far off the mark: The world famous jazz pianist dedicated this piece to the “personal touch banking machines” of Canada’s largest bank. They were highly advanced even back in 1981. Complex technology hidden beneath a user-friendly interface – in order to implement this objective, the bank relies on products from Beta Systems that help it keep data center processes up and running. This is among our largest Beta 91 installations in North America, and it has been upgraded and extended ever since its introduction in the early 90s.

Latest Release Beta UX 4.4. Now Available

Beta-UX-DistributionMaster_Mockup-Laptop

Beta UX Output Management and Archive

The latest version of the Beta UX 4.4. output management and archive suite has just been released. For several months, the team evaluated numerous suggestions and requirements communicated to us by our customers and implemented these in the 4.4. release. The changes aim at making document handling with the Beta UX Suite even more secure and intuitive.