IBM Security Z Security

 View Only

  • 1.  zsecure implementation

    Posted Tue November 22, 2022 04:27 PM

    Hello, I'm from a fairly new shop using zsecure and RACF (less than 6 months) and I have the basic zsecure admin installed and have setup some simple Audit reports. I was looking at other pieces and am still trying to grasp all of the pieces and what they are for and do others install all of them.

     

    Access Monitor

    RACF Offline

    Command Verifier

    Alert

    Are there others??

     

    Also of the CKFREEZE file and how many are really needed and what types.   I have 5 sysplex's with 16 lpars.

     

    Is there anything else beside the install guide that helps explain more and sample setups with multiple lpars.

     

    Thanks

     

    Richard McIntosh

     

     

     



  • 2.  RE: zsecure implementation

    Posted Mon November 28, 2022 08:24 AM

    Hi Richard.

    Access Monitor is an excellent tool for keeping things tidy. I have used it on several occasions when having to figure out who accesses a particular resource, e.g. dataset profiles, DSNR resources, CICS transactions, etc. 

    Alert provides capabilities to monitor events that could potentially be a concern, e.g. if a user is assigned system level privileges or if someone updates SYS1.UADS.

    Command Verifier is a favorite of mine. With Command Verifier you can introduce naming conventions (e.g. limit the capability of a group special to create and manage groups that do not follow your installations naming conventions), allow a user specific actions that require system special or system auditor (e.g. allowing a system programmer to set UAUDIT on a specific subset of users) and a lot more.

    You might also want to consider zSecure Audit. This will allow you to create reports that looks way beyond your ESM. A couple of use case examples could be improper TLS settings on MQ channels or undefined authorisation ids in DB2 (if you are using DB2 and the internal security in DB2).

    Different tools that can help you mitigate risks from different angles. Do enjoy.

    Best regards
    Mikael Rasmussen



    ------------------------------
    Mikael Rasmussen
    Senior Mainframe Security Engineer
    Danske Bank
    Brabrand
    +4540766221
    ------------------------------

    Original Message


  • 3.  RE: zsecure implementation

    Posted Mon November 28, 2022 09:28 AM
    Hi Richard,

    Please contact me via email at zagorski@us.ibm.com.  It may be helpful to set up a call with one of our technical specialists to review the zSecure Suite with you and the benefits each components provides.

    Thank you!

    ------------------------------
    Michael Zagorski
    ------------------------------

    Original Message