Every organization has a core set of mission-critical data that requires protection. Security lapses and failures are not simply disruptions, they can be catastrophic events with consequences felt across the enterprise. The inadvertent mistakes of privileged users alone can result in millions of dollars in damages through unintentional configuration errors and careless security commands. Malicious users with authorized access can cause even greater damage. As a result, security management faces a serious challenge to adequately protect a company's sensitive data. Likewise, IT staff is challenged to provide detailed audit and controls documentation in the face of increasing demands on their time. Automation and simplification of security and compliance processes can help you meet these challenges and establish effective, sustainable user administration and audit solutions. This includes security database cleanup, repeatable audit of configurations and settings, and active monitoring of changes and events. IBM Tivoli Security Management for z/OS V1.11 provides these solutions to help enhance the security of mainframe systems through automated audit and administration. In this IBM® RedpaperTM document we discuss how Tivoli® Security Management for z/OS® allows you to submit mainframe security information from z/OS, RACF®, and DB2® into an enterprise audit and compliance solution and how to combine mainframe data from z/OS, RACF, and DB2 with that from other operating systems, applications, and databases in order to provide the ability to capture comprehensive log data, interpret that data through sophisticated log analysis, and communicate results in an efficient, streamlined manner for full enterprise-wide audit and compliance reporting.

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.

The ABCs of IBM® z/OS® System Programming is an 11-volume collection that provides an introduction to the z/OS operating system and the hardware architecture. Whether you are a beginner or an experienced system programmer, the ABCs collection provides the information that you need to start your research into z/OS and related subjects. If you want to become more familiar with z/OS in your current environment or if you are evaluating platforms to consolidate your e-business applications, the ABCs collection can serve as a powerful technical tool. Following are the contents of the volumes: Volume 1: Introduction to z/OS and storage concepts, TSO/E, ISPF, JCL, SDSF, and z/OS delivery and installation Volume 2: z/OS implementation and daily maintenance, defining subsystems, JES2 and JES3, LPA, LNKLST, authorized libraries, IBM Language Environment®, and SMP/E Volume 3: Introduction to DFSMS, data set basics, storage management hardware and software, VSAM, System-managed storage, catalogs, and DFSMStvs Volume 4: Communication Server, TCP/IP, and IBM VTAM® Volume 5: Base and IBM Parallel Sysplex®, System Logger, Resource Recovery Services (RRS), global resource serialization (GRS), z/OS system operations, automatic restart management (ARM), and IBM Geographically Dispersed Parallel SysplexTM (IBM GDPS®) Volume 6: Introduction to security, IBM RACF®, digital certificates and public key infrastructure (PKI), Kerberos, cryptography and IBM z9® integrated cryptography, Lightweight Directory Access Protocol (LDAP), and Enterprise Identity Mapping (EIM) Volume 7: Printing in a z/OS environment, Infoprint Server, and Infoprint Central Volume 8: An introduction to z/OS problem diagnosis Volume 9: z/OS UNIX System Services Volume 10: Introduction to IBM z/Architecture®, IBM System z® processor design, System z connectivity, logical partition (LPAR) concepts, hardware configuration definition (HCD), and Hardware Management Console (HMC) Volume 11: Capacity planning, performance management, Workload Manager (WLM), IBM Resource Measurement FacilityTM (RMFTM), and System Management Facilities (SMF)

This IBM® Redbooks® publication examines the IBM Tivoli® Directory Server for z/OS®. IBM Tivoli Directory Server is a powerful Lightweight Directory Access Protocol (LDAP) infrastructure that provides a foundation for deploying comprehensive identity management applications and advanced software architectures. This publication provides an introduction to the IBM Tivoli Directory Server for z/OS that provides a brief summary of its features and a examination of the possible deployment topologies. It discusses planning a deployment of IBM Tivoli Directory Server for z/OS, which includes prerequisites, planning considerations, and data stores, and provides a brief overview of the configuration process. Additional chapters provide a detailed discussion of the IBM Tivoli Directory Server for z/OS architecture that examines the supported back ends, discusses in what scenarios they are best used, and provides usage examples for each back end. The discussion of schemas breaks down the schema and provides guidance on extending it. A broad discussion of authentication, authorization, and security examines the various access protections, bind mechanisms, and transport security available with IBM Tivoli Directory Server for z/OS. This chapter also provides an examination of the new Password Policy feature. Basic and advanced replication topologies are also covered. A discussion on plug-ins provides details on the various types of plug-ins, the plug-in architecture, and creating a plug-in, and provides an example plug-in. Integration of IBM Tivoli Directory Server for z/OS into the IBM Workload Manager environment is also covered. This publication also provides detailed information about the configuration of IBM Tivoli Directory Server for z/OS. It discusses deploying IBM Tivoli Directory Server for z/OS on a single system, with examples of configuring the available back ends. Configuration examples are also provided for deploying the server in a Sysplex, and for both basic and advanced replication topologies. Finally it provides guidance on monitoring and debugging IBM Tivoli Directory Server for z/OS.

Today's computing environment is subject to increasing regulatory pressures and potentially malicious attacks. Regulatory compliance, security, and audit are in the daily headlines and growing more prominent.The security of the information to which you have been entrusted has never been more critical. The reality of compliance is too complex. Compliance demands that you work carefully to set up a strong, comprehensive set of policies and controls. That means controls that consider operational data, financial data, unstructured data, spreadsheets, e-mail, and business intelligence data. We have a responsibility to secure all business data and especially sensitive customer data. Security can be difficult to manage. IBM DB2 for z/OS already resides on one of the most secure platforms in the industry. IBM System z servers are routinely used by enterprises around the world to support their mission-critical applications. The mainframe's strengths in security stem in part from its history of supporting sensitive data for large enterprises, resulting in security features being built into its design for many decades. It also benefits from a system-wide approach with security capabilities built into the hardware, operating systems, databases, key middleware and more. Its highly evolved layers and security management components give it a fundamental advantage over other systems.

Leverage Your Security Expertise in IBM® System zTM Mainframe Environments For over 40 years, the IBM mainframe has been the backbone of the world’s largest enterprises. If you’re coming to the IBM System z mainframe platform from UNIX®, Linux®, or Windows®, you need practical guidance on leveraging its unique security capabilities. Now, IBM experts have written the first authoritative book on mainframe security specifically designed to build on your experience in other environments. Even if you’ve never logged onto a mainframe before, this book will teach you how to run today’s z/OS® operating system command line and ISPF toolset and use them to efficiently perform every significant security administration task. Don’t have a mainframe available for practice? The book contains step-by-step videos walking you through dozens of key techniques. Simply log in and register your book at www.ibmpressbooks.com/register to gain access to these videos. The authors illuminate the mainframe’s security model and call special attention to z/OS security techniques that differ from UNIX, Linux, and Windows. They thoroughly introduce IBM’s powerful Resource Access Control Facility (RACF) security subsystem and demonstrate how mainframe security integrates into your enterprise-wide IT security infrastructure. If you’re an experienced system administrator or security professional, there’s no faster way to extend your expertise into “big iron” environments. Coverage includes Mainframe basics: logging on, allocating and editing data sets, running JCL jobs, using UNIX System Services, and accessing documentation Creating, modifying, and deleting users and groups Protecting data sets, UNIX file system files, databases, transactions, and other resources Manipulating profiles and managing permissions Configuring the mainframe to log security events, filter them appropriately, and create usable reports Using auditing tools to capture static configuration data and dynamic events, identify weaknesses, and remedy them Creating limited-authority administrators: how, when, and why

This IBM® Redbooks® publication helps you to become familiar with the technical changes that were introduced into the Availability Management areas with IBM z/OS® V2R2. This book is one of a series of IBM Redbooks that take a modular approach to providing information about the updates that are included with z/OS V2R2. This approach has the following goals: - Provide modular content - Group the technical changes into a topic - Provide a more streamlined way of finding relevant information that is based on the topic We hope you find this approach useful and we welcome your feedback.

This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM zTM Systems hardware and software. In an age of increasing security consciousness and more and more dangerous advanced persistent threats, IBM z SystemsTM provides the capabilities to address the needs of today's business security challenges. This publication explores how z Systems hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements. We highlight the features of IBM z/OS® and other operating systems, which offer a variety of customizable security elements. We discuss z/OS and other operating systems and additional software that use the building blocks of z Systems hardware to provide solutions to business security needs. We also explore the perspective from the view of an enterprise security architect and how a modern mainframe has to fit into an overarching enterprise security architecture. This book is part of a three-volume series that focuses on guiding principles for optimized mainframe security configuration within a holistic enterprise security architecture. The series' intended audience includes enterprise security architects, planners, and managers who are interested in exploring how the security design and features of z Systems, the z/OS operating system, and associated software address current issues such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.

This IBM® Redbooks® publication explores various implementations of z/OS® Identity Propagation where the distributed identity of an end user is passed to z/OS and used to map to a RACF® user ID, and any related events in the audit trail from RACF show both RACF and distributed identities. This book describes the concept of identity propagation and how it can address the end-to end accountability issue of many customers. It describes, at a high level, what identity propagation is, and why it is important to us. It shows a conceptual view of the key elements necessary to accomplish this. This book provides details on the RACMAP function, filter management and how to use the SMF records to provide an audit trail. In depth coverage is provided about the internal implementation of identity propagation, such as providing information about available callable services. This book examines the current exploiters of z/OS Identity Propagation and provide several detailed examples covering CICS® with CICS Transaction Gateway, DB2®, and CICS Web services with Datapower.

Organizations today are more widely distributed than ever before, which can make systems management tasks, such as distributing software, patches, and security policies, extremely challenging. The IBM® Tivoli® Endpoint Manager platform is architected for today's highly diverse, distributed, and complex IT environments. It provides real-time visibility and control through a single infrastructure, single agent, and single console for systems lifecycle management, endpoint protection, and security configuration and vulnerability management. This platform enables organizations to securely manage their global IT infrastructures faster and more accurately, resulting in improved governance, control, visibility, and business agility. Plus, it gives organizations the ability to handle tomorrow's unforeseen challenges. In this IBM Redbooks® publication, we provide IT security professionals with a better understanding around the challenging topic of endpoint management in the IT security domain. We focus on IBM Tivoli Endpoint Manager for Security and Compliance and describe the product architecture and provide a hands-on design guide for deploying the solution. This book is a valuable resource for security professionals and architects who want to understand and implement a centralized endpoint management infrastructure and endpoint protection to better handle security and compliance challenges.