Oh. Yes, I thought commercials are not that popular here :) We also provide 
in-depth IT security assessments for mainframe systems, have been doing this 
for quite some years. We offer some specialized tools as well, for example for 
offline / regular RACF password auditing (but no, no such animal as a z/OS 
virus checker).

More information at 
http://www.detack.com/en/hms.html

Costin Enache / Detack GmbH

--- On Fri, 3/4/11, Jan Vanbrabant <[email protected]> wrote:

> From: Jan Vanbrabant <[email protected]>
> Subject: Re: z/OS Virus Checker & zLinux Virus Checker
> To: [email protected]
> Date: Friday, March 4, 2011, 8:56 AM
> Don't see anything like a "forum" in the sitemap of your web site.
> J
> 
> On Fri, Mar 4, 2011 at 7:21 AM, Dr. Stephen Fedtke <[email protected]> wrote:
> 
> > hi all,
> >
> > i almost missed this discussion. if you are interested in further arguments
> > and details in this field "Vulnerability Analysis and Scan on z" you should
> > also refer to the "it security forum" on our website. we completely solve
> > this problem for over a decade.
> >
> > best
> > stephen
> >
> >
> >
> > ---
> > Dr. Stephen Fedtke
> > Enterprise-IT-Security.com
> >
> > Seestrasse 3a
> > CH-6300  Zug
> > Switzerland
> > Tel. ++41-(0)41-710-4005
> > www.enterprise-it-security.com
> >
> >
> > ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login
> > security for z/OS ++NEWS++
> >
> > At 14:04 29.01.2011 -0600, you wrote:
> > >Elardus,
> > >
> > >Please let me add some information in response to your posting:
> > >
> > >There is a difference between a Virus and a System Integrity
> > >Exposure. The System Integrity Exposure is the Root Cause that a Virus
> > >exploits. There may be many Viruses, especially in Windows Systems, which
> > >exploit the same Root Cause. The PC Virus checkers look for the
> > >signatures of Virus code either executing or in directories and then
> > >take action to remove them. The Virus Checkers cannot fix the Root Cause
> > >-- in the case of Windows, only Microsoft can do that. But, it would be
> > >better if Microsoft would fix the Root Cause because then the Virus
> > >programs would become ineffective.
> > >
> > >IBM's Statement of Integrity clearly states that if a System Integrity
> > >Vulnerability (the Root Cause) is reported to IBM, they will fix
> > >it. Microsoft does not make this commitment and this is why the z/OS
> > >Operating System is a much more "securable" system than Windows.
> > >
> > >However, z/OS is not immune to these threats because it too has system
> > >integrity vulnerabilities. In your posting, you state that there are many
> > >alternatives to our Vulnerability Analysis Product for the "ethical
> > >hacking/penetrating/scanning for defects and exposures." In fact, IBM
> > >purports to provide this capability from their Tivoli zSecure unit. On
> > >their zSecure Audit Website, they state: "Security zSecure Audit
> > >includes a powerful system integrity analysis feature. Reports identify
> > >exposures and potential threats based on intelligent analysis built into
> > >the system." That's a pretty powerful and absolute statement.
> > >
> > >But, since Tivoli is part of IBM you can be assured that their Quality
> > >Assurance Unit regularly tests their software against revisions to the
> > >IBM z/OS Operating System and, if any integrity exposures were found,
> > >they would have reported the vulnerabilities to IBM z/OS Development and
> > >Development would have fixed them. That would just be the normal course
> > >of business within IBM.
> > >
> > >But, then, how can you reconcile the fact that our VAT product has
> > >located SIXTY SEVEN (67) new system integrity vulnerabilities in z/OS
> > >within the last two years? And, our clients have reported them to IBM,
> > >IBM has accepted them as errors, issued APARs for all of them and issued
> > >PTFs for almost all of them. So, obviously, the IBM Tivoli zSecure Audit
> > >package is not catching these errors. And, if IBM is not catching these
> > >in their own code, what about the ones introduced by the rest of the
> > >Independent Software Vendor products and locally developed or otherwise
> > >obtained code on your system? There is a big vulnerability here that
> > >cannot be ignored.
> > >
> > >An exploit of a z/OS (or ISV) system integrity vulnerability would allow
> > >the illegitimate user to obtain control in an authorized state and use
> > >this state to change his security credentials to obtain access and be
> > >able to modify any RACF protected resource on the system with no SMF
> > >journaling of the access. We have found these integrity exposures in code
> > >that is in operation on every z/OS system in existence. That is something
> > >to be concerned about and to act on.
> > >
> > >I have no idea of the comparison between the cost of our Vulnerability
> > >Analysis Tool versus the competition. We would be happy to discuss that
> > >with you -- we believe it is inexpensive compared to the benefits which
> > >include not only a reduction of risk and exposure to data loss and
> > >modification which would result in exposure of company secrets, private
> > >information and financial loss, but a reduction of system outages. But,
> > >VAT works and locates the errors that other software/services do not. I
> > >can totally assure you that a manual process just will not work in our
> > >lifetimes. So, an automated process is necessary. And VAT provides that
> > >automation.
> > >
> > >And I agree with you that many z/OS Auditors need to be educated on this.
> > >
> > >Ray Overby
> > >Key Resources, Inc.
> > >Ensuring System Integrity for z/Series(TM)
> > >www.vatsecurity.com
> > >(312)574-0007
> > >
> > >
> > >
> > >On 1/29/2011 09:12 AM, Elardus Engelbrecht wrote:
> > >> Cris Hernandez #9 wrote:
> > >>
> > >>> I too have auditors who treat my mainframe like one of those little puters
> > >> and I find it best to first educate them before they convince my management
> > >> to send me chasing phantoms.  Don't assume your auditor won't appreciate a
> > >> mainframe education.
> > >>
> > >> Jim Marshall wrote:
> > >>
> > >>> Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a
> > >> Virus Checker.  Anyone has a constructive solution as to one being available or
> > >> some verbiage which defends the position.
> > >>
> > >>
> > >> After reading all those good answers, please allow me a reply:
> > >>
> > >> I told my auditors this:
> > >>
> > >> 1. There are NO vendors for z/OS antivirus software. Give me one example and
> > >> I'm ready to talk with my management. Otherwise we talk about RACF, APF,
> > >> etc. as discussed already in this thread.
> > >>
> > >> 2. There are Linux and Unix antivirus software, but z/OS itself is immune
> > >> against the threats.
> > >>
> > >> 3. Some disgruntled employee(s) may place a TROJAN, not a virus. It
> > >> happened unfortunately. That is another matter for another rainy day.
> > >>
> > >> 4. Depending on RACF accesses, one can write something in any language to
> > >> delete or modify datasets. Anyone. It is up to you to protect your z/OS. Read
> > >> again that thread in ibmmainframes.com mentioned in this thread for some
> > >> info.
> > >>
> > >> 5. About VAT Security and similar software/service - It looked to me that this
> > >> is *ethical* hacking/penetrating/scanning for defects and exposures. That is
> > >> the standard (?), but expensive way, for checking out your z/OS. There are
> > >> many such software and services available from various vendors.
> > >>
> > >>
> > >> I'm very sure those auditors are in for a serious *re-education* ;-D
> > >>
> > >> Groete / Greetings
> > >> Elardus Engelbrecht
> > >>
> > >>
> > >> ----------------------------------------------------------------------
> > >> For IBM-MAIN subscribe / signoff / archive access instructions,
> > >> send email to [email protected] with the message: GET IBM-MAIN INFO
> > >> Search the archives at http://bama.ua.edu/archives/ibm-main.html
> > >>
> > >
> >
> 


      
