Wednesday, June 22, 2011

Security and alerting on z/OS

Reading the papers lately, one thing that stands out is a spate of very sophisticated hacking attacks on various entities and companies. A new group called LulzSec has recently claimed to have hacked the CIA, PBS, SONY and who knows what other sites. And there are other groups out there doing what they do. One thing that seems apparent is that these are very sophisticated attacks, done by very tech-savvy individuals.

System z is blessed with very robust security capabilities driven by tools such as RACF. You have a lot of power and flexibility to control access to System z. But if someone is trying to do something nefarious, how quickly will you be notified? If a hacker attack is underway, wouldn't you want to know as soon as possible?

One interesting tool is Tivoli zSecure Alert. zSecure Alert comes with a predefined group of alerts, plus the ability to add user-defined alerts as needed. So you can alert on things like logon failures with powerful IDs, people attempting to access sensitive files, or people using system authorities that you may not want them to be using. Using zSecure Alert, you can generate an alert in the form of an email, an SNMP trap, or a WTO to the z/OS console.

Or you could take that alert even further. Once the alert is on the console, how about having SA V3.3 send the alert message to the Tivoli Portal, fire a situation alert in the Portal, and have that situation forward the alert to OMNIbus, if desired?

The bottom line is that zSecure Alert is an intriguing tool in that it can let you know right away if a potential attack is underway. You can then drive your notification in a number of ways. Stop attackers in their tracks before your company or government agency is the next one in the news (for all the wrong reasons).

