Category Archives: Data Center News

15 rules to protect IBM Mainframe Systems from hacking!

Posted by · filed under Data Center News

Even the most secure IBM Z installations in top-security environments are exposed to hacking threats that are underestimated, downplayed or simply unknown to most mainframe operations and security teams. What is your risk exposure, what methods are social hackers using, and what are the recommended steps to protect yourself from those dangers?

Can an IBM z/OS mainframe be hacked? The answer is a simple “yes”.

A current Bitkom study reports on the German economy as an attack target, and the current “Spiegel” (one of the biggest German news magazines) even reports on a “network with big holes”.

For instance, in 2012 a hacker group infiltrated multiple z/OS mainframe systems in Sweden, gained access to the RACF database and brute-force decrypted over 100,000 RACF account passwords. They also installed backdoors that gave permanent access without even needing passwords.
Sensitive data was lost or revealed, and funds were transferred from the bank to private accounts.

So what has changed?

As simple as it may sound: your mainframe is connected to the world and there is interest in your mainframe! Not from script kiddies, but from semi-professional and professional hacker groups and even companies. And mainframe hacking tools are available today as open source, free for everybody to use.
 
So what can you do to protect your IBM mainframe?

  1. Don’t trust that your mainframe is secure
  2. Use common-sense security measures *)
  3. Use your Identity & Access Management software’s standard security features to protect you
  4. Monitor access to your systems
  5. Collect logs & review them
  6. Conduct regular security audits
  7. Implement recommended NIST STIGs
  8. Be informed about security threats of the deployed mainframe software
  9. Execute a mainframe penetration test

    On the subject of “social hacking”*

  10. Be aware that there are social hackers!
  11. Build awareness inside your company and team
  12. Define rules for how to act in case of calls and what information can be given
  13. Limit the information you give out in calls or without calling back
  14. Be suspicious and ask for clear identification of the person talking to you.
  15. As a rule of thumb: Always call back!

Do you want to know more?

All this, plus the details of the 2012 mainframe hack and your risk exposure, will be covered in our 60-minute webinar “Hacking the Mainframe”. It includes information on hacker practices based on a real-life example and provides you with recommendations and solutions for protecting your most valuable information and your mainframe security.

Sign up for “Hacking the Mainframe” Webinar here:

Can a Bank Outsource IT Security?


Most people would say no. Such an idea sounds almost crazy.

Still, this is more than likely to have happened at quite a few banks, as more and more banks outsource mainframe operations to service providers. The ironic thing about this is that it is precisely on the mainframe that the bank’s absolutely most critical information assets are to be found!

However, finding people who have mainframe skills is not easy. Many z/OS experts have retired or will soon do so. This is what led banks to outsourcing in the first place. If the trend continues, then any remaining mainframe-skilled workforce will slowly but surely be concentrated at a few service providers who will be running mainframe services for the majority of banks.

When it gets confusing

The job of a service provider is to make sure that an agreed SLA is fulfilled (preferably as cost-effectively as possible). However, how do you define an SLA for IT security? Does that even make sense? The very nature of hacking is to find new vulnerabilities. How do you agree in an SLA on identifying new security threats?

Things can get confusing in an outsourcing process as responsibilities are reassembled. Let a few years pass and everyone will point to the service provider as soon as they hear the word mainframe. The service provider is responsible, right? Actually, when it comes to security that is not entirely true. The bank remains responsible for security, no matter where it derives its mainframe services from.

Where the Vision starts

In order to create a good strategy for IT security, we at Beta Systems believe that not only technical mainframe skills but also practical knowledge about the bank’s operations is needed. No one but the bank itself can understand how its people work and what information is critical. Only with this knowledge is it possible to proactively prepare for incidents. Therefore information security cannot be entirely outsourced.

This leads us to our vision: enabling mainframe security without a need for technical mainframe expertise. To realize this vision, we develop easy-to-use software for managing and monitoring RACF permissions, giving the bank’s Security Officer a modern UI with which to fulfil security goals.

But how do you administer mainframe access rights to overcome the growing challenges of the digital age?

Get your free guide for data center managers who operate RACF systems here.

RACF Audit Minimizes Risks for Mainframe Customers

More than 80 percent of all global z/OS installations employ RACF (Resource Access Control Facility), the IBM tool for identifying and verifying users, managing access rights and logging access to protected resources. Based on the probable assumption that IBM mainframe systems are likely used by very large companies, it can be said with great confidence that RACF protects the security of the world’s most complex IT landscapes.
Thomas gr. Osterhues

Thomas is Senior Manager Marketing at Beta Systems. While working at market leaders Coca-Cola and Lidl, he was infected with the tech bug and moved rapidly into the software world, working for leading ECM and IAM companies in Marketing, Channel Sales and Product & Solution Management, with a strong focus on business processes and data center solutions at large clients.
He is able to rapidly understand and articulate how technology can solve specific business challenges: for sectors, channels, prospects, teams … and bring all stakeholders on board. He is someone who gets the job done – and then some.

Latest Release Beta UX 4.4. Now Available


Beta UX Output Management and Archive

The latest version of the Beta UX output management and archive suite, 4.4, has just been released. For several months, the team evaluated numerous suggestions and requirements communicated to us by our customers and implemented these in the 4.4 release. The changes aim at making document handling with the Beta UX Suite even more secure and intuitive.

Good Prospects for z/OS Admins Across the Globe

Yves Colliard, founder of YCOS GmbH


Yves Colliard was born in 1962, so he can be considered one of the youngest mainframe pioneers.

The Swiss native has dedicated more than thirty years to the z/OS platform, and early on the clever entrepreneur discovered a niche that he has been occupying with his products.

The exclusive sales partnership with Beta Systems is a win-win situation in three regards: For his company YCOS GmbH, for Beta Systems as well as for both companies’ customers. The following interview with the IBM expert provides insights into his business model.


Why Output Management ‘Is a Thing’ for C-Level Management

Output management is a subject that does not draw a lot of enthusiasm from most people.

But what makes it increasingly ‘sexy’ and worth paying attention to is the potential for significant cost savings it holds. Taking advantage of this potential is a good strategy for C-level managers – who tend to be in charge of OM – to make their mark.


Operlog Tools – The New Simplicity of Handling z/OS Log Streams

Beta Systems upgrades its log management solution portfolio for z/OS by adding OPERLOG and z/OS log stream applications in a new product bundle called Operlog Tools.

Several customers asked us for tools that facilitate Operlog archiving and easy Operlog access. The powerful Operlog Tools product package is our answer.


Enterprise Control Center V1.1

New Graphical Administration Interface for Beta Systems Mainframe Products

Beta Systems proudly presents the first version of the new Enterprise Control Center product, which was developed in less than a year.
