Modern Mainframe Security Threats
The mainframe is the most enduring IT system, well-regarded for its processing speed and high degree of security. But, just because the mainframe is secure, doesn’t mean it’s impenetrable. The myth of the mainframe as Fort Knox has meant that the system is often overlooked or ignored in corporate IT security strategy. In fact, mainframe security research shows that only 33 percent of organizations always or often factor security into their mainframe decisions.
That leaves it exposed to mainframe security threats that could bring an organization to its knees. Key Resources helps the world’s largest financial, healthcare and government enterprises create comprehensive mainframe security strategies to protect their businesses. We’ve cataloged the most common risks we encounter in integrity assessments and compliance assessments.
How do malicious users gain unauthorized access to the mainframe?
In order for a mainframe user to read, modify, or print data, a request is made on their behalf to authorized operating system services. When any of these services (programs) are coded incorrectly, malicious users can invoke these services in such a way to get them to do things these services were not intended to do. This is because a supervisor state program can modify any area of memory as well as potentially assume other user credentials, including credentials for administrators or system personnel.
The rogue user program could also deny availability by overwriting critical system areas, causing the system to crash. So how does a user program break through the attack surface and gain supervisor state? Typically, this occurs when one of the PCs, SVCs, or APF programs is either designed incorrectly or contains coding errors.
What are the top mainframe security threats?
Trap Door Vulnerabilities
A Trap Door vulnerability is the most severe vulnerability found in z/OS integrity programs. It enables a hacker to make changes directly to the environment, including applications and the operating system. Trap Doors also enable hackers to impersonate users, disable logging, and change authorizations.
Storage Alteration Vulnerabilities
System instability vulnerabilities can cause z/OS service issues, including a system crash. These issues occur when authorized programs are not invoked properly as designed, and the program isn’t able to protect itself. An address space crashes or starts behaving erratically, or the entire system crashes.
System Instability Vulnerabilities
System instability vulnerabilities can cause z/OS service issues, including a system crash. These issues occur when authorized programs are not invoked properly as designed, and the program isn’t able to protect itself. An address space crashes or starts behaving erratically, or the entire system crashes.
Storage Reference Vulnerabilities
Critical hardware vulnerabilities allow for hackers to steal sensitive data that is stored within programs, including passwords. Meltdown and Spectre are two examples of attacks that exploit storage reference vulnerabilities to obtain access to protected information.
Identify Spoofing Vulnerabilities
Identify Spoofing vulnerabilities allow the non-authorized user to create alternate security credentials.
Least Privilege Vulnerabilities
Least privilege vulnerabilities occur when a privilege or authority is assigned where a lesser privilege is appropriate.
APF Authorization Vulnerabilities
Hackers can exploit APF authorization vulnerabilities to escalate the privileges of any user account. As a result, if they manage to get ahold of just one account in your IT system, they could find a way to grant that account admin privileges, giving them free reign over your mainframe.
Mainframe Security Solutions
z/Assure VAP is the only software that automatically scans for and identifies vulnerabilities in OS code, providing the information needed to protect systems.
Key Resources offers expert ESM conversion services, relying on proprietary tools – z/Assure SCU and z/Assure SMU – to manage conversions for all major ESMs: RACF, Top Secret, and ACF2.
Using our proprietary z/Assure SCU4DB2 tool, Key Resources can help you convert from Db2 security to RACF® to take advantage of its stronger security capabilities.
Password Propagation Support
z/Assure VAP is the only software that automatically scans for and identifies vulnerabilities in OS code, providing the information needed to protect systems.