Sep 1 ’03

z/Vendor Watch: Keeping the Intruders Out

by Editor in z/Journal

Most mainframers would claim that the S/390 platform is the most secure in the world. Certainly, when it comes to bulletproof log-ins, support for the highest levels of cryptography, and the flexible partitioning and control of access to data and system resources, the zSeries is hard to beat. RACF, ACF2, and CA-Top Secret have offered a unique type of security environment for decades, and one of the strongest arguments for consolidating Linux apps on the mainframe is that they can benefit from security facilities that are unavailable elsewhere.

One security technology that is still relatively new on the zSeries, however, is intrusion detection. As strong as existing tools are, they have never been designed to cope with the increasingly subtle violations carried out by hackers and intruders, both outside and inside the organization.

Event-based intrusion detection software needs to monitor system usage constantly, identifying irregular access patterns, potential breaches of security policies, and areas of possible configuration weakness, and to react to this information in real time, according to predefined rules. Because of the high level of integration needed with other security tools, and the rapidly changing nature of cyber crime, intrusion detection is a notoriously difficult technology to customize to individual companies. However, over the last few months, a number of products that look very promising indeed have emerged from the RACF community. Consul Risk Management Inc. recently announced zAlert, which collects detailed event information in real time from mainframe and Unix systems, monitors for intruders and system configuration problems, and either sends out alerts to administrators or takes immediate action by shutting down an application or denying access to suspect users.

Meanwhile, Vanguard Integrity Professionals has launched its Enforcer intrusion detection software, which offers a similar range of monitoring, resource protection, and policy-based, self-healing features. It also offers very flexible focusing of security resources on specific groups of users. IBM itself is laying great store by its Intrusion Detection Services, which now form a key part of its security management strategy for the zSeries platform. If you haven’t yet considered an automated response to unwelcome visitors, now might be a good time to look at the options available.


According to a recent article by Scott Bekker in ENT News, Microsoft has been surprised by the continued success of its Host Integration Server (the follow-on to SNA Server), its key product for connecting Windows servers with zSeries and iSeries/400 systems. Microsoft Senior Vice President Paul Flessner is quoted as saying, “I thought [sales of Host Integration Server would] dip. But they kept going along. We don’t market it. I took the development team down to a very small team — from a peak of about 80 people down to about six. But it’s still a very critical product to customers who want it.”

Maybe someone should tell Mr. Flessner that cutting the marketing budget won’t reduce the world’s reliance on Windows/mainframe interoperability! Microsoft is so happy with the revenue stream from the product that it has a new version in Beta, scheduled for delivery next year.


Other items that have crossed my radar in recent weeks include:


One for our European readers: I’m arranging a breakfast club here in the UK — a series of regular sponsored meetings devoted to technical and financial mainframe topics. Attendance will be free for users, so please sign up if you’re interested. Find out more at Z