Securing Cyber Space: Safeguarding Access to Critical Resources Peter Hager, CEO Earl Rasmussen, President Vanguard Security and Compliance Conference June 25, 2012 Net‘Q brings Security into the Net Copyright Net`Q GmbH, 2000-2012 Page 0 Agenda Changing Environment Mainframes, the Internet, the Cloud Increased Security Threats Security Cases Impact Solutions Summary Copyright Net`Q GmbH, 2000-2012 Page 1 Role of Mainframes Over 70% of World’s Critical information Major Industry/Government reliance: Finance Energy Retail Telecommunications Transportation Government Cloud Computing Environment Copyright Net`Q GmbH, 2000-2012 Page 2 Role of Mainframes 70 percent of all corporate data and 75 percent of all business logic still resides on mainframe Executing nearly 30 billion transactions a day valued at over $1 trillion a week Running $30 trillion of applications 73 Percent of Organizations confirm that the Mainframe is part of their Cloud Computing Strategy Over 60% of World-wide WAN Traffic is SNA Based Copyright Net`Q GmbH, 2000-2012 Page 3 Millions invested in protecting mainframes Yet ….. Estimates are that 90% of mainframes worldwide are insecure And …. Nearly 95% are interconnected Copyright Net`Q GmbH, 2000-2012 Page 4 Increased Security Threats “New technologies that enhanced the availability of SNA with more dynamic network recovery and the use of the faster IP infrastructure has “opened” the SNA networking environment. “ “Organized crime and unorthodox governments have the resources to hire career IT criminals that have the sophistication to attack a SNA network in order to find a big prize.” Source: “Securing an SNA Environment for the 21st century”, White Paper, IBM, 2008 Copyright Net`Q GmbH, 2000-2012 Page 5 2011 Breaches Continue to Grow Incidents skyrocketed to over 174 million records 94% of Data breaches on servers 58% of Breaches Involved activist groups 98% of Breaches from external agents 81% of Breaches involved hacking 69% of Breached records involved malware 92% of Breaches were discovered by third parties Source: Verizon 2012 Data Breach Investigation Report Copyright Net`Q GmbH, 2000-2012 Page 6 Small-Medium Business Targeted Over 55% of SMB experienced fraud attacks. 50% experienced multiple incidents. 80% of attacks were undetected by the bank. 87% failed to recover from lost funds. 40% of those compromised changed banks. Only 30% of SMBs feel banks are adequately safeguarding their accounts. Source: Guardian Analytics and Ponemon Institute Copyright Net`Q GmbH, 2000-2012 Page 7 Cyber Crime Targets Banking and Finance Hospitality Retail Manufacturing Government Telecommunications Health Care Energy Copyright Net`Q GmbH, 2000-2012 Page 8 The Risk – Are You Safe? There are two types of companies: Those that have been hacked and those that have been hacked but do not know it!! Bank of Scotland TJX Google Adverse Economic Impacts HBGary Heartland Payment Systems Loss of Sensitive Data Health Net DuPont Compromised Intellectual property RSA Security Privacy Invasion and Personal Data Theft Legal Implications Global Payments Reduced Trust and Confidence Sony Copyright Net`Q GmbH, 2000-2012 E-Trade Bank of America Epsilon LinkedIn Monster.com WordPress Hannaford Bros. Page 9 New “Flame” Cyber Weapon Kaspersky Labs have uncovered a massive cyber threat Creators of the virus used a network of some 80 servers across Asia, Europe and North America to remotely control infected machines Copyright Net`Q GmbH, 2000-2012 Page 10 Codename Worm.Win32.Flame Copyright Net`Q GmbH, 2000-2012 Page 11 Did you ever hear about new codename Worm.Z.Frame? Copyright Net`Q GmbH, 2000-2012 Page 12 Documented Hacking Cases We have documented cases of security violations which have occurred in the mainframe environment They have caused unauthorized viewing of data, free access to databases, unauthorized access to applications, and prolonged outages Copyright Net`Q GmbH, 2000-2012 Page 13 Security Cases Security Case 19 – Hijacking Security Case 20 – Malicious Software Security Case 21 – Rogue Intermediate Network SNA Switches Hacker-to-Go Copyright Net`Q GmbH, 2000-2012 Page 14 Security Environment Large Institutions Multiple External Connections IP Sec (to external connections) IP Firewall SSL Encryption RACF Single Sign-On Secure ID Cards Copyright Net`Q GmbH, 2000-2012 Page 15 Migrating SNA/APPN/APPC to IP Networks see IPSec Applications see SNA/APPN/APPC TN3270 - Telnet 3270 3270 data streams encapsulated in TCP packets. TN- server converts TCP Packets with SNA Packets. IP-HDR TN Server APPL Encypted Data TN3270 IP@ IP@ EE EE - Enterprise Extender SNA (HPR) frame encapsulated in UDP packets APPL VIP@ APPL IP@ VIP@ DLSw DLSw - Data link switching SNA frame encapsulated in TCP packets IP@ Circuit is still SNA/APPN/APPC DLSw APPL Copyright Net`Q GmbH, 2000-2012 EE EE EE TN3270 SNA-Circuit Page 16 IP Encrypting SNA data DLSw APPL EE EE EE TN3270 Circuit Circuit is still SNA/APPN/APPC Positive SNA packets are encrypted when transported between IP addresses Negative SNA packets are encrypted when transported between IP addresses SNA packets appear unencrypted at SNA/APPN/APPC nodes Content of SNA Packets appear unencrypted to applications IP based firewalls have no control over SNA activities Copyright Net`Q GmbH, 2000-2012 Page 17 Migrating SNA Summary SNA Hardware Devices disappeared NCP, 3745, 3174, 3600 and many more … Peripheral Terminal became Applications. Most of the legacy Applications still exist and are running ( IMS, CICS, TSO, TSO, RACF, JES, NetView ) VTAM API interfaces have not changed. Copyright Net`Q GmbH, 2000-2012 Page 18 Copyright Net`Q GmbH, 2000-2012 Page 19 Copyright Net`Q GmbH, 2000-2012 Page 20 Hijack TN3270 SSL-Encrypted Connection ? Switch at the right moment Telnet Server Target Application Rogue 3rd Party Application Innocent APPL Switch APPL Telnet Server Rogue APPL One of many good moments to switch is shortly before the target application times out. Idle time is easy to monitor and calculate by third party application 1. Send timeout message to innocent user before target application times out 2. Switch to rogue user 3. In case innocent user logs on again, switch back to innocent user 4. Activity of rogue user will avoid timeout at target application Copyright Net`Q GmbH, 2000-2012 Page 21 Malicious Software Telnet Server Rogue 3rd Party Application Target Application Innocent APPL Switch APPL 1, 2 3, 4 Copy of Rogue 3rd Party Application 1. A customer who experienced Hijacking found suspicious files on several mainframes. These suspicious files independently started sessions to other applications. 2. After in-depth analysis the customer discovered that the suspicious files were ‘replications’ of the same type. 3. In a test project they tested how successful ‘harmless replicated files’ could be distributed. The result after one weekend was 500 replicates at 20 different networks. Copyright Net`Q GmbH, 2000-2012 Page 22 Rogue Intermediate Network - 1st step to get more … SNA 1 TN Server Innocent User CPE Entry Network: NETE 2 3 4 Intermediate Network: CPI NETI CPIx Rogue Destination Network: NETD 5 1. 2. 3. 4. 6 CPX Real Copyright Net`Q GmbH, 2000-2012 5. 6. Initself TNLU001 - LUCICS Send Search / Locate to CPI CPI finds LUCICS inside NETI Logon Exit driven in Rogue LUCICS Logon exit of Rogue application sends both partner names to another rogue location. There are several ways to do: FTP, Email info or IN$FILE. Rogue LUCICS issues CLSDST, OPTCD=PASS to NETD.LUCICS Logon to real LUCICS completes successfully Page 23 2nd step done through another Rogue Party SNA 1 TN Server Innocent User CPE Entry Network: NETE 2 3 4 5 Rogue Network: NETR CPIx Intermediate Network: Ra NETI CPI Rogue Rb Spoofed Network: NETE Destination Network: 7 6 R. Remote location starts up two applications and NETD CPX Real a) Starts session NETR.LUCICS - NETE.TNLU001 b) Starts session NETE.TNLU001 – NETD.LUCICS 5. As soon as the remote location was able to contact NETI, Rogue LUCICS issues CLSDST, OPTCD=PASS to NETR.LUCICS Copyright Net`Q GmbH, 2000-2012 Page 24 Rogue Intermediate Network, what another Rogue Party can do .. Spoofed Rogue NETE NETR Real NETE Telnet Server Innocent Telnet Server Rogue Switch Real TNLUXXX Switch in Spoofed NETE.TNLU001 can Hijack like reported in Violation Case 19-3 RACF in real z/OS does not recognize it gets spoofed IP based firewall does not recognize this attack APPN-EE Firewall protects, as it is being able to check authentication of CP-CP connections and it is discovering insufficient security definitions Copyright Net`Q GmbH, 2000-2012 Page 25 Rogue Intermediate Network, what another Rogue Party can do .. Spoofed Rogue NETE NETR ATM, Terminal Real Entry Network Innocent Printer 3270, TelNet3270, TPX, NVAS … Printer APPC, MQ-Series, CICS, IMS, DB2 Rogue Scripts Real Rogue APPL Rogue Scripts and Programs inside NETR.LUCICS can be hacked selectively. All sessions sending search/locates through Intermediate Network NETI Regardless from which Entry Network to real LUCICS they are coming through. fe. NETE1, NETE99 … Possible attacks: a) Hijack authenticated sessions b) Copy data, c) modify data d) spy for events e) denial of service Copyright Net`Q GmbH, 2000-2012 Page 26 Parallel Sysplex Concept Entry Node (EN) Copyright Net`Q GmbH, 2000-2012 Network Node (NN) Page 27 SNA Switching Local Router NN EN NN .... NN DLSw NN EN EN EN EN EN EN AS-400 z/OS Extends Parallel Sysplex to the Desktop Un-Authenticated CP-CP Sessions Enables Encrypted Open Access to Core Mainframe Copyright Net`Q GmbH, 2000-2012 Page 28 Hacker-to-Go … Plug to any Laptop or PC *** Legally Free Software *** Develop & Test VTAM Applications. TSO - H-Assembler - LinkEdit - VTAM plus Web and FT access *** Downloadable z/OS Software from Internet available *** z/OS 1.10 including APPN Crossnet and RACF and REXX IP much more … Both versions need just 8 GB USB stick Copyright Net`Q GmbH, 2000-2012 Page 29 Logon User Data Up to 255 bytes Created by application code or entered by terminal users Transmitted within the logon flows Provided by Communication Servers to Applications in clear text Can contain any text string including USERID, PWD, PIN CODES, Social security IDs or other sensitive data Often there was no security policy existing when legacy applications were originally designed Pertains to all types of SNA sessions Copyright Net`Q GmbH, 2000-2012 Page 30 User Data carried on logon flows EE Comm Server CP-CP Circuit Comm Server EE EE CP-CP Circuit CP-CP Circuit Comm Server APPL1 APPL2 CP-CP Circuit CDRM-CDRM Circuit APPL3 Logon User Data Included inside the logon flows search/locates and provided to applications Distributed intra and cross LPAR, cross DLSw ( SNASw ), cross MS HIS Searches can distribute user data to external networks / applications ADJCP and ADJSSCP tables of Comm Server define search order Original Comm Server has no control over how adjacent servers search Start Parameter SNVC of original Comm Server defines search depth Copyright Net`Q GmbH, 2000-2012 Page 31 User Data transported inside BIND APPL LU-LU Circuit APPL Bind User Data Up to 65 bytes Created by application code Carried within the SNA BIND command and delivered to partner applications Provided by Communication Servers to Applications in clear text User Data is carried crossnet if search locate found the partner there. Copyright Net`Q GmbH, 2000-2012 Page 32 User Data transported inside BIND to TN3270E APPL LU-LU Circuit Telnet Server Check: IP@, Telnet, SSL Bind User Data TN3270 server provides User Data to TN3270 client ( RFC 1647 ) User Data is provided in clear text to TN3270 client IP based firewall has no control over user data, because telnet server encrypts IP data packets. Copyright Net`Q GmbH, 2000-2012 Page 33 Observation 1, providing UID & PWD A large financial organization. We have found applications transmitting USERID and PASSWORD as User Data, of which many of them were of privileged users / administrators. In a conference call, network team assured that this was just inside their own network. Closer analysis of recordings revealed that USERIDs and PASSWORDs were distributed to other networks. In some cases USERIDs and PASSWORDs were received from a third party CP which did not have direct a CP-CP connection. Copyright Net`Q GmbH, 2000-2012 Page 34 Observation 2, Injection Another large financial organization. Hackers were sending in User Data inside Logon requests in the form of an inquiry such as: INQ userid opt=PWD|PIN|SSID An exit of the destination APPL reacted by sending the WWD|PIN|SSID included in the BIND command back. Closer analysis of recordings showed USERIDs and PASSWORDs were distributed to other networks. In some cases USERIDs and PASSWORDs were received from third party Gateways which did not have direct a CP-CP connection. Copyright Net`Q GmbH, 2000-2012 Page 35 User Data – Security Considerations Be aware of the Transmission of sensitive Information Ensure Security Policy Compliance Coordinate between System, Security, Risk, and Business Review Policies for USERDATA and applications using USERDATA Collect, Record, and Analyze USERDATA Monitor and Manage use of USERDATA Re-evaluate Periodically Security Risks and Implications Single Sign-on and Secure ID Cards may solve the USERID/PASSWORD problem Copyright Net`Q GmbH, 2000-2012 Page 36 What can hackers do? Identification Theft Data Theft and Modification Fraudulent Transactions Monitor Real-Time Data Flow Malicious Software / Malware Intrusion Activities recorded as authorized user/application Copyright Net`Q GmbH, 2000-2012 Page 37 Neutralizes Security Investments IP Firewalls Encryption Secure ID cards Single Sign-on with changing passwords RACF Pass Ticket RACF/TSS/ACF2 will not recognize Copyright Net`Q GmbH, 2000-2012 Page 38 APPN-EE Firewall Components Base Package Host Part Net-Examine Optimization VTAM Security Generator RACF/ACF2/TSS Security Generator VTAM Performance Generator Compliancy Corporate Compliancy Sarbanes-Oxley Compliancy NIST Compliancy Client / Master MASTER Set Handler CLIENT Functions Suites Corporate Compliance Suite Sarbanes-Oxley Compliance Suite NIST Compliance Suite Copyright Net`Q GmbH, 2000-2012 Page 39 Product Operation Scheme Mainframes SysPlex 1 SysPlex 2 Sys Cons Sys Cons Firewall Firewall SysPlex nn Sys Cons Firewall Remote Virtual Resources • • • • Precustomized Net-Examine Clients Downloadable FW Config File VTAMLST PARMLIB SMF Net-Examine Suite + Add-on Functions Security Server Web Server Ongoing Security Examinations Other Security Management Copyright Net`Q GmbH, 2000-2012 NetView Tivoli zSecure Suite VanGuard Page 40 US Financial Industry Findings Copyright Net`Q GmbH, 2000-2012 Page 41 Administrate SNA Firewall Both, Security and Network Team needs to agree on any changes Get for more info at: http://www.net-q.com/ssl/NetQRuleChangeProcess2.html Copyright Net`Q GmbH, 2000-2012 Page 42 LUCK checks Conditions for 3rd Parties RACF SNA TN3270 SSL Encryption in IP Network Check: IP@, Telnet, SSL Target Application TN Server APPL I P @ IP Single Sign-on Innocent I P @ 2 1 LUCK Same day, while innocent user‘s session is active 1. Check condition to start session to PLU 99% of chance to activate session from LUCK 2. Check condition to start session to SLU No chance while TN Server LU is in session with Target Application Copyright Net`Q GmbH, 2000-2012 Page 43 LUCK checks Conditions for 3rd Parties RACF SNA TN3270 SSL Encryption in IP Network Check: IP@, Telnet, SSL Target Application APPL X TN Server I P @ IP Single Sign-on Innocent I P @ 2 1 LUCK When Innocent User logged off 2. Good % of chance to activate session from LUCK Reports successful Copyright Net`Q GmbH, 2000-2012 Page 44 LUCK informs other applications RACF SNA TN3270 SSL Encryption in IP Network Check: IP@, Telnet, SSL Target Application APPL X TN Server I P @ IP Single Sign-on Innocent I P @ 2 LUCK When both PLU and SLU accept session 1. Update LUCK Status-Databases 2. Give Info to other 3rd parties (List congigurable) o Same LPAR o External LPAR in same SysPlex o External LPAR in same Network o External LPAR in other Network Copyright Net`Q GmbH, 2000-2012 Page 45 LUCK Does . . . Checks Status of Logical Units Checks Connectivity to Logical Units using pregiven Logmodes/Bindimages within Network and Cross Network Establishes and immediately terminates Sessions to PLU/SLU Creates Security reports Designed for large networks Copyright Net`Q GmbH, 2000-2012 Page 46 LUCK Does Not . . . Does not send or receive data on any session Does not keep any sessions connected Does not Acquire Resources except specially requested Does not only check TN3270 LU, it checks all LU Copyright Net`Q GmbH, 2000-2012 Page 47 LUCK, Input Output FTP z/OS Comm Server VTAMLST APPN-EE Firewall NetExamine Manually configured input z/OS CommServer Trace files External LUCK LUCK Primary Log Secondary Log Postponed Database Error Log Predictive Security Reports Copyright Net`Q GmbH, 2000-2012 Page 48 Predictive Security Report 5750 How many sessions would allow 3rd Man in middle attacks Hijacked Sessions Obsolete Secure ID cards like RMF Obsolete RACF Pass Tokens 35822 Copyright Net`Q GmbH, 2000-2012 Page 49 Codename Worm.Win32.Flame Copyright Net`Q GmbH, 2000-2012 Page 50 Did you ever hear about new codename Worm.Z.Frame? Copyright Net`Q GmbH, 2000-2012 Page 51 New APIs make things easier REXX REXX IP socket API REXX VTAM API REXX SAF API REXX SQL REXX UTIL ITIES Others are available, list is not complete ... - REXX language used for z/OS exits, - Search Internet for others - Check for homegrown REXX solutions Copyright Net`Q GmbH, 2000-2012 Page 52 New API makes things easy REXX VTAM socket API This API function package eliminates the need of coding VTAM applications in Assembler language. Basically this technology can be used with VTAM similar to coding mainframe exits in REXX language. It enables the ability to code all interfaces to VTAM SNA, z/OS Console and Trace capture in REXX language. REXX IP socket API, provided by IBM with z/OS V1R7, ( since 2005 ) The sample programs and the jobs that you can use to run them are located in the SEZAINST file. The following information applies to the batch jobs: The batch job REXXAPI runs standalone socket EXECs and TCP/IP clients. The batch job REXXAPIS runs TCP/IP servers. The batch job REXXAPIT runs the subtask that is required to test the REXAPI04 program. Copyright Net`Q GmbH, 2000-2012 Page 53 REXX VTAM socket API sample Command ===> Scroll ===> PAGE 000084 /* Open the ACB */ 000085 Call NRXFVTAM 'OPEN_ACB',WKAR._ACB1._ADR_C /* result is RC from z/OS 000086 If result>0 Then Do; Say NRXF.0ERMSG; Exit; End 000087 Say 'ACB1 opened successfully.‘ 000092 /* SETLOGON */ 000093 TESTRPL1.0PARMLIST = 'OPTCD' 000094 TESTRPL1.0OPTCD = 'SYN START’ 000096 Call NRXFVTAM 'SETLOGON',WKAR._RPL1._ADR_C,'TESTRPL1.' 000097 If result='' Then Do; Say NRXF.0ERMSG; Exit; End 000098 If result<>0 Then Do; Say NRXF.0ERMSG; Exit; End 000099 Say 'SETLOGON is done. Feedback = 'NRXF.0FEEDBACK_X 000102 /* INQUIRE STATUS */ 000104 Call NRXFMEM 'VALUE','WKAR._NIB1._NIBNET',left(netid,8) 000105 Call NRXFMEM 'VALUE','WKAR._NIB1._NIBSYM',left(luname,8) 000112 Call NRXFVTAM 'INQUIRE',WKAR._RPL1._ADR_C,'TESTRPL1.' 000113 If result='' Then Do; Say NRXF.0ERMSG; Exit; End 000114 If result<>0 Then Do; Say NRXF.0ERMSG; Exit; End 000115 Say 'INQUIRE STATUS is done. Feedback = 'NRXF.0FEEDBACK_X Copyright Net`Q GmbH, 2000-2012 Page 54 FRAME Client capabilities I Target Addr Space Client -Server connection FRAME automates activities and interfaces to VTAM, IP and files . . . Frame Running Outside the target and only IP connectable May be able to login using TN3270, WebSphere or SNA if userid & password are known by one of the controlling servers If ‘predefined’ userids & passwords FRAME can access files and can do transactions based on the users profile Copyright Net`Q GmbH, 2000-2012 1. USER DATA transmission 2. IP connection 3. SNA/LEN/APPN connection Tries to interconnect to other servers/clients whatever connection-type is first successful Remotely controlled by external FRAME servers External FRAME servers receive captured applications Page 55 FRAME Client capabilities II Target Addr Space APPL1 APPL2 Client -Server connection FRAME automates activities and interfaces to VTAM, IP and files . . . 1. USER DATA transmission 2. IP connection 3. SNA/LEN/APPN connection Frame Running outside the target and SNA connectable Hijacking connections within/cross LPAR or cross NET Replicate FRAME using hijacked USERID rights Send/receive User data to provide info to new replicates Capture data flows Capture 3270 panels Read /write datasets based on hijacked USERs rights Acsess Sys console Issue VTAM / TCP commands Access Trace and CNM Data More .. Copyright Net`Q GmbH, 2000-2012 Page 56 FRAME Client capabilities III Target Addr Space APPL1 APPL2 Client -Server connection FRAME automates activities and interfaces to VTAM, IP and files . . . 1. USER DATA transmission 2. IP connection 3. SNA/LEN/APPN connection Frame Running inside the target and SNA connectable Hijacking connections within/cross LPAR or cross NET Replicate FRAME using hijacked USERID rights Send/receive User data to provide info to new replicates Capture data flows Capture 3270 panels Read / write datasets based on hijacked USERs rights Access Sys console Issue VTAM / TCP commands Access Trace and CNM Data More ? Copyright Net`Q GmbH, 2000-2012 Page 57 REXX Interpret Instruction /* REX Base code */ Rc=rexint( file5, [Servers] ) Return 0 REXINT: rexfile = arg(1) Servers = arg(2) If Servers = '‚ rc=(rexint_local) Return 0 REXINT_LOCAL: /* INTERPRET LOCAL FILE */ do while lines(rexfile)>0 line = linein(rexfile) INTERPRET line End return Copyright Net`Q GmbH, 2000-2012 Local File /* REXX EZARXR02 */ src = socket("INITIALIZE","MYSET01",10); if perror(src,"INITIALIZE") = 0 then do src = socket("SOCKET","AF_INET6","STREAM"); if perror(src,"SOCKET") = 0 then do parse var src l_retcode l_sockid src = perror(socket("CLOSE",l_sockid),"CLOSE"); end; /* SOCKET */ end; /* INITIALIZE */ src =perror(socket("TERMINATE","MYSET01"),"TERMINATE"); exit 0; /* Routine returns -1 if first word if arg 1 not zero */ perror: if word(arg(1),1) = 0 then return 0; else Say arg(2) "Error : "arg(1); return -1; Page 58 Remote Code Executing Locally Remote Server Files /*Open the ACB */ Call NRXFVTAM 'OPEN_ACB',WKAR._ACB1._ADR_C If result>0 Then Do; Say NRXF.0ERMSG; Exit; End Say 'ACB1 opened successfully.‘ /* SETLOGON */ TESTRPL1.0PARMLIST = 'OPTCD‘ TESTRPL1.0OPTCD = 'SYN START’ Call NRXFVTAM 'SETLOGON',WKAR._RPL1._ADR_C,'TESTRPL If result='' Then Do; Say NRXF.0ERMSG; Exit; End If result<>0 Then Do; Say NRXF.0ERMSG; Exit; End Say 'SETLOGON is done. Feedback = 'NRXF.0FEEDBACK_X Multiple Remote servers searched for files Multiple Media types tried to connect each server Copyright Net`Q GmbH, 2000-2012 Page 59 Another way to run z/OS Free Hercules z/OS Emulation Search Google : Free Download Hercules Emulation Free z/OS Search Google: Free Download ibm adcd z/os 1.13 Warning: You may have already bought a license from IBM? You can run z/OS either Windows, Linux or APPL platform Free TN3270 emulation on Windows, Microsoft Mobile, IPad, IPhone IBook, Blackberry or Android REXX VTAM API downloadable from Internet REXX IP Sockets API included in z/OS Literature: Search Google : REXX Language: A Practical Approach to Programming Search Google : MVS TSO: Commands, CLIST & REXX Copyright Net`Q GmbH, 2000-2012 Page 60 FLAME - FRAME Comparison FLAME FRAME LUA REXX PCs connected to local LAN Flash drives? Bluetooth Can record sounds and videos Captures screenshot images Log messaging conversations Hijacking connections within/cross LPAR or cross NET ? Replicate FRAME using hijacked USERID rights ? Send/receive User data to provide info to new replicates Capture data flows Capture 3270 panels ? Read / Write datasets based on hijacked USERs rights Access Sys console Issue VTAM / TCP commands at mainframe console Programming Language Copyright Net`Q GmbH, 2000-2012 Page 61 In-Depth and Holistic View Look Across the Entire Organization Keep Aware of Emerging Threats Understand Security Risks and Business Impact Conduct an In-Depth Assessment Review Organizational Policies Cross Organizational Communications Be Proactive Copyright Net`Q GmbH, 2000-2012 Page 62 Summary Mainframes will continue to play a critical role Mainframe are being integrated as part of organizational Cloud Strategies Security Continues to be a Concern Threats are Similar whether IP or SNA based Security Necessitates an In-Depth and Holistic Perspective Security is not an IT Decision – It’s a Business Decision Copyright Net`Q GmbH, 2000-2012 Page 63 Questions? Copyright Net`Q GmbH, 2000-2012 Page 64 Contact Peter Hager CEO Net`Q GmbH (202) 470-2563 [email protected] Earl Rasmussen President, Net‘Q America (202) 470-2697 [email protected] Copyright Net`Q GmbH, 2000-2012 Page 65 Thank You! Copyright Net`Q GmbH, 2000-2012 Page 66
© Copyright 2024