Front cover Introduction to the New Mainframe: Security Fundamentals of security Security on mainframe hardware and software Compliance with security standards Rica Weller William C Johnston Ross Clements Patrick Kappeler Ken Dugdale Linda Kochersberger Per Fremstad Abey Tedla Olegario Hernandez Jeff Thompson Ashwin Venkatraman ibm.com/redbooks International Technical Support Organization Introduction to the New Mainframe: Security March 2007 SG24-6776-00 Note: Before using this information and the product it supports, read the information in “Notices” on page 505. First Edition (March 2007) © Copyright International Business Machines Corporation 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Preface . xv How this text is organized . xvi How each chapter is organized . xvii About the authors . xvii Acknowledgements . xix Comments welcome . xx Part 1. Overview of security fundamentals . 1 Chapter 1. Security and the mainframe. 3 1.1 Business security in real life . 4 1.1.1 Security means staying in business - even in a disaster. 4 1.1.2 What is security. 5 1.1.3 Classifying the value of data . 6 1.1.4 Security is about managing risk . 6 1.2 What is a mainframe . 7 1.2.1 Mainframes lead the industry . 8 1.2.2 Ability should not exceed authority . 9 1.3 Summary . 9 1.4 Key terms . 10 1.5 Questions for review . 11 1.6 Topics for further discussion . 11 Chapter 2. The Internet Bookstore - a case study . 13 2.1 The business scenario . 15 2.2 The core business of the bookstore . 16 2.3 The IT environment for the case study . 17 2.3.1 Your customer. 18 2.3.2 Your Internet Bookstore business processes . 19 2.3.3 The bank . 20 2.3.4 The courier . 20 2.4 Securing your business . 21 2.5 Summary . 22 2.6 Key terms . 23 2.7 Questions for review . 23 2.8 Topics for discussion. 23 2.9 Exercises. 23 © Copyright IBM Corp. 2007. All rights reserved. iii Chapter 3. Security concepts. 25 3.1 Introducing confidentiality, integrity, availability. 26 3.2 Confidentiality . 28 3.2.1 Threats to confidentiality . 30 3.2.2 Confidentiality models . 32 3.3 Integrity . 33 3.3.1 Threats to integrity . 34 3.3.2 Integrity models. 36 3.4 Availability . 37 3.5 Risk . 39 3.6 Summary . 40 3.7 Key terms . 42 3.8 Questions for review . 42 3.9 Questions for discussion . 42 3.10 Exercises. 43 Chapter 4. Elements of security. 45 4.1 Identification . 46 4.1.1 User ID definition. 46 4.1.2 Passwords. 47 4.2 Digital certificates and secure channels . 48 4.3 Authentication . 49 4.4 Roles and separation of duties . 51 4.5 Authorization . 52 4.5.1 Access control lists and rules . 54 4.5.2 Classification of data and users . 57 4.5.3 Conditional access and temporal access . 58 4.5.4 Discretionary access controls and mandatory access controls. 59 4.6 Encryption and cryptography. 59 4.6.1 When do we use encryption . 60 4.6.2 Symmetric encryption and asymmetric encryption . 60 4.7 Logging and auditing . 61 4.8 Summary . 62 4.9 Key terms . 63 4.10 Questions for review . 64 4.11 Questions for discussion . 64 4.12 Exercises. 64 Part 2. Hardware and networking security . 65 Chapter 5. System z architecture and security. 67 5.1 Privacy and trust at the bottom line . 68 5.2 The system architecture . 68 5.3 A very particular user: the operating system . 69 iv Introduction to the New Mainframe: Security 5.4 Looking deeper into the operating system . 70 5.4.1 Control instructions and general instructions . 70 5.5 Controlling the execution of instruction flows . 72 5.5.1 The program status word (PSW). 73 5.5.2 How the PSW is primed . 74 5.6 The interruption concept and mechanism . 75 5.6.1 The interruption mechanism . 77 5.7 Storage protection . ..