Charlotte ISSA - 2016 - Mainframe Hacking
@mainframed767
DISCLAIMER
I’m not here in the name of or on behalf of my employer. All opinions expressed here at ISSA are my own.
Is it Legacy?
WHAT IF?
Three out of four of those pictures are what we should define as “Legacy”. Mainframes aren’t one of them.
FACTS
IBM Mainframes are MODERN architectures running STATE OF THE ART operating systems.
• Current Version: 2.2 released in 2015
• Modern password crypto
• Supports IOT/Web
IT’S IMPORTANT
• 96 of the world’s top 100 banks
• 23 of the 25 top US retailers
• 9 out of 10 of the world’s largest insurance companies
• 71% of global Fortune 500 (355)
HOW MANY?
Mainframes process roughly 30 billion business transactions per day, including most major credit card transactions and stock trades, money transfers, manufacturing processes, and ERP systems.
SHOW OF HANDS
How many of you today are actively doing penetration testing or vulnerability scans on your mainframes?
A.K.A. ABOUT ME
1992
FAST FORWARD
• Degree in Computer Science
• IT Security Consultant:
– Ernst & Young
– Grant Thornton
• Internal Audit: Visa
• Currently:
– Mainframe Pentester
BEFORE & AFTER VISA
• Mainframe security reviews
– Typical checklist auditor
– No idea what I was actually doing
• Assigned to review mainframe at Visa
– Was assigned a terrible consultant
– Started personal research
Identified multiple vulnerabilities
TALKIN’BOUT IT
http://bit.ly/ztalks
YOU MAY BE THINKING:
“Most, or all, mainframes are protected behind firewalls, VPNs, other various security controls.”
INTERNET MAINFRAMES PROJECT
• Started in 2013
• Simple scan of the internet for mainframes (using Nmap)
• Found about 400+ mainframes
For example:
FOR THOSE WONDERING
PRIMARY MAINFRAME OS
IT’S JUST AN OPERATING SYSTEM
• It has Files and Folders
– (but they’re not called files or folders)
• It has a command line
• It has a GUI
• Serves up websites
• It runs UNIX
• TCP/IP
FILES AND FOLDERS
FILES are called Datasets
• Datasets are composed of:
– High Level Qualifier (HLQ)
– Other Qualifiers
PHIL.PROGRAMS.TEST (HLQ: PHIL)
FOLDERS are called Partitioned Datasets (PDS)
• Same as datasets but now has ‘members’
PHIL.PROGRAMS.TESTS(JUNE2015) (HLQ: PHIL, MEMBER: JUNE2015)
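The naming scheme on this slide, as an added example (not from the original talk): a Python parser that splits a dataset name into HLQ, other qualifiers and PDS member, then groups a listing by HLQ for an inventory. The length and character limits are the standard z/OS naming rules, which the slide does not state; the function names and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Standard z/OS naming rules (assumed here; the slide does not list them):
#   qualifier: 1-8 chars, first is A-Z or national (# @ $), rest may add 0-9 and '-'
#   member:    1-8 chars, same first-character rule, no '-'
#   dataset name without the "(MEMBER)" suffix: at most 44 chars
QUALIFIER = re.compile(r"[A-Z#@$][A-Z0-9#@$-]{0,7}")
MEMBER = re.compile(r"[A-Z#@$][A-Z0-9#@$]{0,7}")
MAX_DSN_LEN = 44


def parse_dsn(name):
    """Split a dataset name into HLQ, other qualifiers and optional PDS member.

    Accepts TSO-style quoted names ('A.B.C'). Relative GDG generations such
    as (0) or (+1) are not handled and are rejected as invalid members.
    """
    text = name.strip().strip("'").upper()
    dsn, member = text, None
    if "(" in text or ")" in text:
        match = re.fullmatch(r"([^()]+)\(([^()]*)\)", text)
        if not match:
            raise ValueError(f"malformed member syntax: {name!r}")
        dsn, member = match.groups()
        if not MEMBER.fullmatch(member):
            raise ValueError(f"invalid member name {member!r} in {name!r}")
    if len(dsn) > MAX_DSN_LEN:
        raise ValueError(f"dataset name longer than {MAX_DSN_LEN}: {name!r}")
    qualifiers = dsn.split(".")
    for qualifier in qualifiers:
        if not QUALIFIER.fullmatch(qualifier):
            raise ValueError(f"invalid qualifier {qualifier!r} in {name!r}")
    return {"hlq": qualifiers[0], "qualifiers": qualifiers[1:], "member": member}


def inventory_by_hlq(names):
    """Group valid names by HLQ; return (groups, rejected names with reasons)."""
    by_hlq, rejected = defaultdict(list), []
    for name in names:
        try:
            parsed = parse_dsn(name)
        except ValueError as err:
            rejected.append((name, str(err)))
            continue
        by_hlq[parsed["hlq"]].append(parsed)
    return dict(by_hlq), rejected


# Constructed sample listing: the two names from the slide plus made-up entries.
SAMPLE_LISTING = [
    "PHIL.PROGRAMS.TEST",
    "PHIL.PROGRAMS.TESTS(JUNE2015)",
    "'PHIL.JCL.LIB(BACKUP)'",
    "PHIL.TOOLONGQUALIFIER.TEST",  # qualifier longer than 8 characters
    "9BAD.START",                  # qualifier starts with a digit
    "PHIL..EMPTY",                 # empty qualifier
]

if __name__ == "__main__":
    groups, rejected = inventory_by_hlq(SAMPLE_LISTING)
    for hlq, entries in groups.items():
        print(hlq, [(e["qualifiers"], e["member"]) for e in entries])
    for name, reason in rejected:
        print("rejected:", name, "-", reason)
```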
COMMAND LINE
• Known as TSO
• Identified by the red ‘READY’ prompt
UNIX
• z/OS comes with UNIX
• UNIX runs TCP/IP
– Webservers
– SSH
– DB2 sockets
– CICS sockets
SECURITY DATABASE
• z/OS is governed by what’s called a SAF
• Most common (IBM): RACF
– Resource Access Control Facility
• Two others (CA):
– ACF2
– Top Secret
TO FIND THE LOCATION
• Finding RACF database is really easy:
SCRIPTING LANGUAGE
• Job Control Language (JCL)
• A scripting language for mainframes
• For example:
JOB CARD
Program Parameters
STEAL CREDENTIALS
AUTOMATE WITH ETTERCAP
STEAL THE RACF DATABASE
• RACF hashes passwords with DES
– without the newest (optional) upgrade
• John the Ripper supports RACF password cracking
MORE ABOUT HASHING ALGO
• Chad Rikansrud @bigendiansmalls
• SHARE 2016 “Topics on Mainframe Encryption” http://bit.ly/zoscrypto
LET’S BREAK IN INSTEAD
See if you can catch the problem
CICS ENUMERATION?
PATCH OA44855
• Disables this ability
• While allowing users to log on
• Again this patch/change is ‘optional’
• PASSWORDPREPROMPT ON
USING FTP
• Allows for SSL – no excuses for unencrypted
• Allows wildcard searches (e.g. *RACF*)
• Allows for JCL submission
METASPLOIT-ABLE
Z/OS CVE’S
Only two in the world!
• CVE-2012-5951 (CVSS Score: 7.2)
– Local privilege escalation
• CVE-2012-5955 (CVSS Score: 10)
– CGI-BIN parser & ‘;’
THESE CVE’S
• These two CVE’s came from the Logica/Nordea breach
• In 2012 a founder of the Pirate Bay breached multiple mainframes
http://bit.ly/zbreach “Smashing the Mainframe: For Fun and Prison Time”
TN3270 APPLICATIONS
• TN3270 is the protocol
– That ‘green screen’
• Relies on client side security
DO IT YOURSELF
All these scripts are available online:
http://github.com/zedsec390 &
http://github.com/mainframed
IBM POLICY
IBM QUOTES
“PUBLIC release of this data was not in the best interest of the system Z community.”
VULNERABILITY SCANNING
• Almost worthless on the platform
• Qualys/Nessus don’t support the platform
• Scanners rely on CVEs
However:
• IBM doesn’t release public vulnerabilities
NOT UP TO DATE
IBM TRUST IS ABSOLUTE
Show of hands: Who here trusts Microsoft to get crypto right?
CENSORED CENSORED
SPEAKING OF ABSOLUTES
“Also ALL the DoD mainframes are behind firewalls and VPNs”
ALL
PENSYS1.ARMY.PENTAGON.MIL
PENETRATION TESTING
• No, the system won’t crash
• Start forcing penetration testing against the environment
Key Take Away: The system isn’t “Legacy” and therefore shouldn’t be exempt from standard information security controls.
BETTER SIEM
• The mainframe logs everything
• Getting those logs is a challenge but not impossible
• Multiple products exist which support mainframe logs
Key Take Away: Mainframe logs should be used for alerting and follow your existing Windows/Linux processes.
ASSET CLASSIFICATION
• Multiple products exist on the market to identify WHAT is on your mainframe
• Identifying critical data assets allows you to protect them!
Key Take Away: Being able to identify critical data and who is accessing it is essential for forensics and appropriate control assessments.
LAB ENVIRONMENT
• Get access to the mainframe yourself
• Hands on learning opportunities
• “Rational Development and Test Environment for System Z” - http://bit.ly/rdtz
Key Take Away: Hands on training and access provides clear connections to mainframe controls and allows for better security testing.
COMPLIANCE
• Controls should be as robust as those on other systems
• Standard processes should be observed despite the ‘Legacy’ moniker.
• Use appropriate baseline: DoD DISA STIG
– DoD STIG is the only comprehensive checklist which covers the entire OS
Key Take Away: Assess your current controls against those in other areas and best practices and close any gaps which exist.
WHAT DO YOU THINK?
• Do you still think it’s a “secure” legacy platform?
• Who here thinks it appropriate to be out of scope from your security activities?
THANKS/CONTACT
You can contact me on gmail/twitter/tumblr:
Email: [email protected]
Blog: Mainframed767.tumblr.com
Twitter: @mainframed767
THANK YOU!
All Links:
http://bit.ly/ztalks
http://bit.ly/zoscrypto
http://bit.ly/zbreach
http://bit.ly/rdtz