z/OS v1.13 will be the last release to support BPX.DEFAULT.USER, a feature used by nearly 90 percent of sites that use RACF, according to a recent survey conducted by RSH Consulting. What does this mean for these users? Here, we examine the tasks and considerations related to its replacement…
Security
What if you make a purchase online and during your transaction, someone steals your credit card information? That simple transaction sets off a whole chain of events, which culminates with you, as the consumer, likely never purchasing from that retailer again and questioning the security of the bank holding your credit card…
My May column discussed how to review your installation’s protection of disk data sets, including whether the security software gets control, what happens if there’s no matching rule, and protection by both dsname and volser. Here I will provide further coverage of disk data sets, addressing undercutting rules in memory and user privileges that bypass data set protection…
In previous columns, I described a structured approach to evaluating your mainframe security, starting with controls over access to the system. I also described how your security software (RACF, ACF2, or Top Secret) can control system access for each of several paths, including TSO, started tasks, and batch jobs…
Here we continue our discussion of security over each path into the system and consider started tasks and consoles. When an operator at a console in the computer room types the command “START MARY” and hits ENTER, the system finds the Job Control Language (JCL) named MARY and executes it. The JCL for MARY, with an EXEC statement specifying what program to execute and DD statements defining what data sets to make available to that program, looks similar to a batch job. However, it’s a started task, representing yet another path into the system…
Here we continue our discussion of security over each path into the system, considering more complications over system access through batch jobs. With z/OS, the security comes from SAF; that is, the security software—RACF, ACF2, or Top Secret. We will examine some less well-known ways a user can submit a batch job that runs with some other userid, including through CICS submissions, Network Job Entry (NJE), and IBM’s Sterling Connect:Direct…
I was a kid in the ’60s, a decade of war, protests, and constant challenges to authority and propriety. Some activities—such as the civil rights movement and women’s rights—were deadly serious. But some were downright fun, such as the censorship-testing TV show “Laugh-In.”…
Do you remember the first time you saw somebody famous? I do. I was five, and my little sister was four, and we were going to visit Mr. Green Jeans from the children's TV show “Captain Kangaroo.” What a thrill! Now imagine my shock and surprise when I realized I was mistaken. We were visiting Aunt Liz and Uncle Eugene. Oh, I will never forget that disappointment. But what followed was equally memorable. Dear Uncle Eugene, who thought the situation was hysterical, decided we should put on our very own kids show on their front porch. He assembled all the adults and they watched my sister and me sing “The Alphabet Song.” When we were done, they clapped like it was the most brilliant thing they’d ever heard…
Mitigating security issues in a mainframe environment remains a hot topic. Mainframe security isn’t new or unique; we’ve all benefited greatly from the relative safety and security inherent in the mainframe architecture. Once it’s set up, we can almost stop worrying altogether, but where does a new installation start? How can they lock down the mainframe and protect the corporate jewels? Detailed answers to those questions could fill volumes, but the path to security nirvana can be easier to follow if you adopt the four “baby steps” to compliance outlined here…
Continuing our discussion of paths into the system, here we consider security over system access through batch jobs. You want to ensure that only users defined to the security software (RACF, ACF2, or Top Secret) can submit batch jobs, both to prevent unauthorized use of your system and to protect sensitive data…