Modern Mainframe Security Threats

The mainframe is the most enduring IT system, well-regarded for its processing speed and high degree of security. But just because the mainframe is secure doesn’t mean it’s impenetrable. The myth of the mainframe as Fort Knox has meant that the system is often overlooked or ignored in corporate IT security strategy. In fact, mainframe security research shows that only 33 percent of organizations always or often factor security into their mainframe decisions.

That leaves it exposed to mainframe security threats that could bring an organization to its knees. Key Resources helps the world’s largest financial, healthcare, and government enterprises create comprehensive mainframe security strategies to protect their businesses. We’ve cataloged the most common risks we encounter in integrity assessments and compliance assessments.

How do malicious users gain unauthorized access to the mainframe?

In order for a mainframe user to read, modify, or print data, a request is made on their behalf to authorized operating system services. When any of these services (programs) are coded incorrectly, malicious users can invoke them in such a way as to get them to do things they were not intended to do. This is because a supervisor state program can modify any area of memory as well as potentially assume other user credentials, including credentials for administrators or system personnel.

The rogue user program could also deny availability by overwriting critical system areas, causing the system to crash. So how does a user program break through the attack surface and gain supervisor state? Typically, this occurs when one of the PCs, SVCs, or APF programs is either designed incorrectly or contains coding errors.
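The failure described above, where an authorized service acts on a caller's request with its own authority, can be shown with a small model. This is an added example, not Key Resources' code and not z/OS code: the storage layout, key values, addresses, and service names are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed toy model: key 0 stands for system-owned storage and
# key 8 for user-owned storage. Addresses and contents are made up.
SYSTEM_KEY, USER_KEY = 0, 8
SYSTEM_ADDR, USER_ADDR = 0x1000, 0x8000


@dataclass
class Page:
    key: int   # key that owns this storage
    data: str


class ProtectionException(Exception):
    pass


def make_storage():
    return {SYSTEM_ADDR: Page(SYSTEM_KEY, "security-control-block"),
            USER_ADDR: Page(USER_KEY, "")}


def store(storage, addr, value, active_key):
    """Key 0 may write anywhere; any other key may write only its own storage."""
    page = storage[addr]
    if active_key != SYSTEM_KEY and active_key != page.key:
        raise ProtectionException(hex(addr))
    page.data = value


def flawed_service(storage, caller_key, out_addr):
    # Coding error: writes the result with system authority to whatever
    # address the caller supplied, ignoring who the caller is.
    store(storage, out_addr, "result", SYSTEM_KEY)


def hardened_service(storage, caller_key, out_addr):
    # Writes to caller-supplied addresses with the caller's own authority,
    # so the caller cannot reach storage it could not already modify.
    store(storage, out_addr, "result", caller_key)


def run(service, out_addr):
    """Invoke a service as an ordinary user; report outcome and system data."""
    storage = make_storage()
    try:
        service(storage, USER_KEY, out_addr)
        outcome = "ok"
    except ProtectionException:
        outcome = "rejected"
    return outcome, storage[SYSTEM_ADDR].data
```

Calling `run(flawed_service, SYSTEM_ADDR)` shows the system-owned data overwritten on behalf of an ordinary user, while `run(hardened_service, SYSTEM_ADDR)` is rejected and leaves it intact.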

What are the top mainframe security threats?

Trap Door Vulnerabilities

A Trap Door vulnerability is the most severe vulnerability found in z/OS integrity programs. It enables a hacker to make changes directly to the environment, including applications and the operating system. Trap Doors also enable hackers to impersonate users, disable logging, and change authorizations.

Storage Alteration Vulnerabilities

System instability vulnerabilities can cause z/OS service issues, including a system crash. These issues occur when authorized programs are not invoked properly as designed, and the program isn’t able to protect itself. An address space crashes or starts behaving erratically, or the entire system crashes.

System Instability Vulnerabilities

System instability vulnerabilities can cause z/OS service issues, including a system crash. These issues occur when authorized programs are not invoked properly as designed, and the program isn’t able to protect itself. An address space crashes or starts behaving erratically, or the entire system crashes.

Storage Reference Vulnerabilities

Critical hardware vulnerabilities allow hackers to steal sensitive data that is stored within programs, including passwords. Meltdown and Spectre are two examples of attacks that exploit storage reference vulnerabilities to obtain access to protected information.

Identity Spoofing Vulnerabilities

Identity spoofing vulnerabilities allow a non-authorized user to create alternate security credentials.

Least Privilege Vulnerabilities

Least privilege vulnerabilities occur when a privilege or authority is assigned where a lesser privilege is appropriate.

APF Authorization Vulnerabilities

Hackers can exploit APF authorization vulnerabilities to escalate the privileges of any user account. As a result, if they manage to get ahold of just one account in your IT system, they could find a way to grant that account admin privileges, giving them free rein over your mainframe.

Mainframe Security Solutions