Modern Mainframe Security Threats

The mainframe is the most enduring IT system, well-regarded for its processing speed and high degree of security. But just because the mainframe is secure doesn’t mean it’s impenetrable. The myth of the mainframe as Fort Knox has meant that the system is often overlooked or ignored in corporate IT security strategy. In fact, mainframe security research shows that only 33 percent of organizations always or often factor security into their mainframe decisions.

That leaves it exposed to mainframe security threats that could bring an organization to its knees. Key Resources helps the world’s largest financial, healthcare and government enterprises create comprehensive mainframe security strategies to protect their businesses. We’ve cataloged the most common risks we encounter in integrity assessments and compliance assessments.

How do malicious users gain unauthorized access to the mainframe?

For a mainframe user to read, modify, or print data, a request is made on their behalf to authorized operating system services. When any of these services (programs) is coded incorrectly, a malicious user can invoke it in a way that makes it do things it was never intended to do. This is possible because a supervisor state program can modify any area of memory and can potentially assume other users' credentials, including credentials for administrators or system personnel.

The rogue user program could also deny availability by overwriting critical system areas, causing the system to crash. So how does a user program break through the attack surface and gain supervisor state? Typically, this occurs when one of the PC (Program Call) routines, SVCs (Supervisor Calls), or APF (Authorized Program Facility) programs is either designed incorrectly or contains coding errors.

What are the top mainframe security threats?

Trap Door Vulnerabilities

A Trap Door vulnerability is the most severe vulnerability found in z/OS integrity programs. It enables a hacker to make changes directly to the environment, including applications and the operating system. Trap Doors also enable hackers to impersonate users, disable logging, and change authorizations.

Storage Alteration Vulnerabilities

Storage Alteration vulnerabilities don’t directly grant hackers total control of the environment. But they do give non-authorized users the ability to alter some or all virtual memory, enabling hackers to wreak havoc in many of the same ways as they could with a Trap Door vulnerability.

System Instability Vulnerabilities

System instability vulnerabilities can cause z/OS service issues, including a system crash. These issues occur when an authorized program is not invoked as designed and isn’t able to protect itself. As a result, an address space crashes or starts behaving erratically, or the entire system crashes.

Storage Reference Vulnerabilities

Critical hardware vulnerabilities allow hackers to steal sensitive data that is stored within programs, including passwords. Meltdown and Spectre are two examples of attacks that exploit storage reference vulnerabilities to obtain access to protected information.

Identity Spoofing Vulnerabilities

Identity Spoofing vulnerabilities allow the non-authorized user to create alternate security credentials.

Least Privilege Vulnerabilities

Least privilege vulnerabilities occur when a privilege or authority is assigned where a lesser privilege is appropriate.

APF Authorization Vulnerabilities

Hackers can exploit APF authorization vulnerabilities to escalate the privileges of any user account. As a result, if they manage to get hold of just one account in your IT system, they could find a way to grant that account admin privileges, giving them free rein over your mainframe.

z/Assure® Vulnerability Analysis Program (VAP)

z/Assure VAP is the only software that automatically scans for and identifies vulnerabilities in OS code, providing the information needed to protect systems.

z/Assure® Compliance Assessment Manager™

z/Assure CAM, our automated compliance assessment solution, helps protect sensitive data by enabling organizations to enforce security policy across critical mainframe and ESM systems.

Integrity Assessment Services

Without operating system integrity, there can be no system security. An integrity assessment from Key Resources focuses on the health and security of the mainframe operating system.

External Security Manager (ESM) Conversion Services

Key Resources offers expert ESM conversion services, relying on proprietary tools – z/Assure SCU and z/Assure SMU – to manage conversions for all major ESMs: RACF, Top Secret, and ACF2.

Db2 to RACF® Security Conversions

Using our proprietary z/Assure SCU4DB2 tool, Key Resources can help you convert from Db2 security to RACF® to take advantage of its stronger security capabilities.

Password Propagation Support

Using z/Assure PPS, our proprietary password propagation software, Key Resources can quickly and securely transfer existing passwords over to your new security package.

Talk to Key Resources to find the right mainframe security solution for your business.