Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security

Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security

Front cover Reduce Risk and Improve Security on IBM Mainframes: Volume 3 Mainframe Subsystem and Application Security Axel Buecker Marcela Kanke Mohit Mohanan Vinicius Oliveira Vinodkumar Ramalingam David Rowley Botrous Thalouth Jan Thielmann Redbooks International Technical Support Organization Reduce Risk and Improve Security on IBM Mainframes: Vol. 3 Mainframe Subsystem and Application Security November 2015 SG24-8196-00 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. First Edition (November 2015) This edition applies to IBM z13 systems. © Copyright International Business Machines Corporation 2015. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . vii Trademarks . viii IBM Redbooks promotions . ix Preface . xi Authors. xi Now you can become a published author, too . xii Comments welcome. xiii Stay connected to IBM Redbooks . xiii Chapter 1. Introduction to major mainframe middleware components . 1 1.1 Major software infrastructure on z/OS. 2 1.1.1 Scope of this book . 2 1.1.2 Overview of major z/OS application middleware. 3 1.1.3 Major z/OS infrastructure middleware overview . 5 1.1.4 Logical architecture for middleware on z/OS . 7 1.1.5 Interfaces and intercommunication . 13 1.2 Middleware security . 14 1.2.1 Self-managed . 14 1.2.2 External security manager . 15 1.2.3 Exits . 16 1.2.4 Audit and compliance reporting . 17 1.3 Considerations for programming, configuration, and performance . 18 1.4 Logging . 19 1.4.1 Internal logging and the syslog . 19 1.4.2 SMF . 20 Chapter 2. Database managers . 23 2.1 IBM DB2 for z/OS . 24 2.1.1 Security concepts and architecture. 24 2.1.2 Guidelines for configuring security . 40 2.2 IBM Information Management System . 41 2.2.1 Security concepts and architecture. 41 2.2.2 Guidelines for configuring security . 51 2.3 Virtual Storage Access Method. 52 2.3.1 Security concepts and architecture. 53 2.3.2 Guidelines for configuring security . 57 Chapter 3. WebSphere Application Servers and web servers . 59 3.1 IBM WebSphere Application Server overview . 60 3.2 Security concepts and architecture . 62 3.2.1 Global security configuration. 63 3.2.2 SSL/TLS . 75 3.2.3 Java security . 77 3.3 Interfaces (transaction systems, databases, IBM MQ, web server, and other adapters). 80 3.3.1 WebSphere Message Queue . 80 3.3.2 Event monitoring and recording (SMF, internal logging). 82 © Copyright IBM Corp. 2015. All rights reserved. iii 3.4 Guiding principles for configuring security . 82 3.4.1 Common misconfigurations. 82 3.4.2 Security considerations. 83 Chapter 4. Transaction processing systems . 91 4.1 IBM CICS Transaction Server. 91 4.1.1 Security concepts and architecture. 92 4.1.2 Guiding principles for configuring security . 112 4.2 IBM Information Management System Transaction Manager. 114 4.2.1 Security concepts and architecture. 114 4.2.2 Guiding principles for configuring security . 125 Chapter 5. IBM MQ messaging system . 127 5.1 IBM MQ security concepts and architecture . 128 5.1.1 Security setup . 128 5.1.2 IBM MQ RACF RESLEVEL profile . 133 5.1.3 IBM MQ resource security. 135 5.1.4 IBM MQ Security Management. 139 5.1.5 IBM MQ CICS adapter . 140 5.1.6 IBM MQ IMS adapter . 141 5.1.7 Channel security . 141 5.1.8 Threats and risks . 142 5.1.9 Event monitoring and recording . 142 5.2 Guiding principles for configuring security . 144 5.2.1 Common misconfigurations. 144 5.2.2 Security considerations. 145 Chapter 6. Session management. 147 6.1 IBM Session Manager basics . 148 6.2 Security concepts and architecture . 148 6.2.1 User authentication . 150 6.2.2 Static menus . 156 6.2.3 Security setup . 158 6.2.4 Session Manager commands . 162 6.2.5 Session Manager command statements. ..

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    200 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us