This SSE for zSecure 2.2 provides the following benefits:
- filter commands to quickly zoom in to records of interest
- fast navigation to jump to RACF user and group details
- quick admin capability for TSO and UNIX properties
- enhanced e-mail configuration
- ability to configure large buffers 'above the bar' (64-bit exploitation)
These changes apply to one or more of the following components: zSecure Admin, zSecure Audit, and zSecure Alert.
Details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
On October 1, 2015 IBM issued a Statement of Direction about providing 64-bit addressing support in IBM Security zSecure. This support has now become available as a Service Stream Enhancement (SSE) to zSecure 2.2.0.
64-bit addressing allows the use of memory above the 2GB "bar" implied by addresses consisting of only 31 bits. Besides allowing the program to store and retrieve larger amounts of data, this also frees up memory "below the bar" that can be used by (other) 31-bit addressing programs.
Typical functions in zSecure that benefit from having a lot of memory available include
- processing very large numbers of events from the SMF event log, e.g. as sent on to IBM Security QRadar SIEM;
- analyzing data for many security databases and LPARs at the same time;
- rule-based compliance analysis based on many underlying technical reports;
- analyzing large intervals (possibly a year or more) of access use data, e.g. to identify obsolete permissions.
The SSE also includes enhancements to 31-bit addressing support. Details can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
The changes apply to all components of zSecure for z/OS except for zSecure CICS Toolkit and zSecure Command Verifier. For the full benefits a z196 or newer hardware is required.
On February 16, 2016 IBM announced authentication enhancements for z Systems, including a new product IBM Multi-Factor Authentication for z/OS (5655-162), with a planned availability date of March 25, 2016.
IBM z/OS Security Server Resource Access Control Facility (RACF) provided enabling infrastructure updates for z/OS V2R1 and V2R2.
IBM Security zSecure suite provided supporting updates for zSecure 2.1, 2.1.1, and 2.2.
Multi-Factor Authentication raises the level of assurance of mission-critical systems by requiring authentication with multiple factors during the logon process.
Each authentication factor must be from a separate category of credential types:
1) Something you know (e.g. a password or PIN code),
2) Something you have (e.g. an ID badge or a cryptographic key),
3) Something you are (e.g. a fingerprint or other biometric data).
More details can be located through this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
You might also be interested in the zSec
Short URL for this post: http
IBM provides advance notification of End Of Support (EOS) dates allowing customers reasonable time to complete software upgrades or to refresh appliance products. To view upcoming EOS dates by product segment, click a link in the list below.
Important EOS Announcement: Effective July 31, 2016 IPS firmware versions prior to 4.6.1 will reach End of Support.
View all IBM Software EOS announcements for 2016 and 2017.
Q: What are the major Support Lifecycle milestones?
A: The major Support Lifecycle milestones are:
Q: How do you determine if your installed software is still supported?
A: Search by product name or keyword using the Supp
Q: What happens when EOS is announced?
A: Often, there is a newer version of the software available for download. In most cases, you’ll have sufficient time to plan for and install the latest version. For more information on the lifecycle stages, including EOS, view this short YouTube video on the IBM
Q: What is the standard version format for IBM Software products?
A: The full product version is expressed by a four-digit code known as the IBM Version, Release, Modification and Fix Level structure, or VRMF. View this Technote for additional information and description of each element. You may also find this Glossary of product support and maintenance terms helpful.
Q: Where can you view additional details on product updates or replacement information?
A: Using the Support Lifecycle Search, search for your product, select View for details and click the EOS announcement link to view Repl
Q: What are your options if you are unable to upgrade or refresh your current products before the EOS date?
A: You can request a Support Extension. Support Extensions are available for Customers who are unable to migrate to a supported version, release or appliance platform prior to EOS. For more information, visit the IBM
Q: How do you stay connected for future product announcements?
A: There are several ways to receive product announcements:
Q: How can you connect with IBM Security on social media?
A: Follow us on Twitter - http
Q: Where can you find more information on IBM Support policies?
A: You can view and download the IBM
The IBM Support Lifecycle Policy sets forth the minimum length of time IBM will provide security content and technical support for a product version and release. Click the applicable product segment link below to view the Support Lifecycle Policy.
z/OS V2R2 was announced on July 28, 2015 with a planned availability date of September 30, 2015.
A summary of the toleration fixes that have been made available for zSecure 1.13.0, 1.13.1, 2.1.0, and 2.1.1 can be found on the Service Management Connect - System z blog.
You might also be interested in the following page that was recently added to the zSecure wiki: Samp
On the System z Management blog, Jeroen Tiggelman has posted a summary of recent RACF password security enhancements.
This blog entry discusses the corresponding updates to nearly all zSecure products for all releases in standard support, and also explains how related updates can be found for other products and components, such as IMS, CICS and JES3.
Links are provided to technotes made available by the RACF and zSecure teams containing more extensive documentation.
zSecure 2.1.1 has been announced with the following products...
... and the following solutions
Please refer to this blog entry on System z Management for details on the solutions.
All zSecure products support RACF. zSecure Audit and Adapters for QRadar SIEM support CA-ACF2 and CA-Top Secret. zSecure Alert supports CA-ACF2.
You might also be interested in this article on 50 years of mainframe security.
Edit: Updated zSecure for z/VM release from 1.11.1; 1.11.2 became available on March 13, 2015.
Edit: The latest zSecure for z/OS release is zSecure 2.2.
Designed for enterprises which require the highest levels of network security, IBM® Security Network Protection (XGS) protects against advanced threats, provides visibility and control of what is happening on your network, and offers seamless deployment and integration into your environment. This results in reduced risk, enhanced network traffic control, and better ROI on security spending.
zSecure 2.1.1 has been announced on July 15, 2014, with a planned availability date of September 5, 2014.
This announcement includes a new product IBM
More details about the various integrations between zSecure and QRadar SIEM can be found in this blog entry by Jeroen Tiggelman on the Service Management Connect - System z blog.
You might also be interested in what else is new
* European zSecure User Group 2014
* System z Security Conference in Montpellier, France
* GSE UK Conference 2014
* The clock is ticking – zSecure 1.11, end of support date
* Request for Enhancement (RFE) has launched for System z
* zSecure Manager for z/VM – Beta Program Announcement
* UACC of READ and the PROGRAM class
* Recent fixes for zSecure
* CARLa Corner
* Useful Links
This time, the CARLa Corner discusses how to easily verify compliance with a rule that resource profiles must not be owned by individual user IDs.
You might also be interested in the video Main
You might also be interested in the video How
Janaki Sundar has just published a new article on developerWorks, "Customizing TXSeries CICS external authentication, Part
From the abstract:
Part 1 of this two-part article provides an overview of IBM TXSeries™ for Multiplatforms and the requirements for authentication and authorization in an enterprise business solution. This article focuses on IBM TXSeries for Multiplatforms external authentication through Microsoft® Active Directory. Sample External Authentication Manager (EAM) files, customized for use in conjunction with this article, are available for download. In this article, you configure CICS ® external authentication to work with different user registries. Part 2 will provide information on customizing IBM Security Access Manager for external authentication.
You might also be interested in.,.....
Secure your private cloud on the mainframe
Read this white paper to learn how the mainframe can:
Securely host a variety of virtualized operating system platforms to optimize resource utilization and reduce costs.
IBM Security Network Intrusion Prevention System Virtual Appliance, a part of the IBM 'Adaptive Threat Protection' platform, offers all the advanced preemptive protection of our NIPS in a virtual security appliance. Powered by IBM X-Force® research, it operates on virtual platforms to protect both your physical and virtual networks with the same high level of security. As a virtual appliance, it is an ideal security solution for cloud services, with the ability to secure traffic between virtual machines and enabling flexible deployments in multitenant virtual environments.
IBM Security Network Intrusion Prevention System Virtual Appliance trial download is a virtual image of IBM's NIPS product. This download will help you get an overview of our adaptive threat protection approach to address evolving and mutating threats in your IT environment.
Visit the trial support page.
I know everyone's scrambling to figure out what has to be patched to fix the Heartbleed bug. Please keep in mind that Heartbleed is a bug in the OpenSSL implementation of SSL, not a flaw in SSL itself. I know that many IBM products don't use OpenSSL and aren't affected by the Heartbleed bug. Having said that, there are probably some IBM products that DO need to be patched. And I wouldn't dare try to enumerate them.
Because IBM has a team of people whose job is specifically to monitor security vulnerability announcements and make sure the affected IBM products are made aware and to make sure patches get rolled out. They are the IBM
Jon Tate has published a post on the System Storage Redbooks blog with more details on how to get plugged into the PSIRT team's announcements about Heartbleed and other security alerts. So go check that post out and get plugged in.
You might also be interested in.....
Encrypting Data With Confidence
IBM has published a new white paper on encrypting data at enterprise scale. Learn about encrypting mission critical data with confidence and reduce security risks across the enterprise and beyond.
Guus.Bonnes has post
You might also be interested in....
Protect your critical assets with an integrated, cost-effective approach to vulnerability assessments and risk management.
Read this white paper to learn: