On the System z Management blog, Jeroen Tiggleman has published a summ
zSecure is an excellent platform to help you secure your System z platform and can be used to detect both external and insider threats to your system. To find out more about how you can help detect insider threats in your IT environment, you can download and read "Sta
Understanding the shifting nature of malicious attacks on and vulnerabilities of your enterprise mainframe or hybrid system, especially as your organization implements new technologies -- cloud computing, response-based workload resource balancing, mobile access, big data handling, social collaboration -- is just the beginning of establishing a comprehensive security policy for your mainframe-oriented environment. In "Creating the ultimate security platform," IBM explains how System z can deliver proactive protection for data, web, cloud, mobile, and enterprise environments on mainframe systems.
This whitepaper starts by detailing how mainframe security requirements have changed in the Internet era. Originally, mainframes were isolated from outside influences, but now many are just as connected to the web as a typical smartphone; the difference is that it is relatively easy to secure the simple environment of a phone, but not so easy with the complex architecture of a mainframe.
The paper describes how security intelligence, consistent, normalized analysis of disparate data to recognize and block attacks, takes an "umbrella" approach to security (from network intrusion prevention all the way to endpoint management) in order to create a complete picture of the infrastructure and the attacks and vulnerabilities that threaten it. The security intelligence approach, optimized for the way a contemporary computer system is used, replaces the traditional "security only at the obvious vulnerable points" way of protecting your mainframe.
Linux on System z employs some unique technologies that can potentially make delivering overall network security easier by providing centralized management capabilities and reducing the number of control checks -- device coupling controls, auditing and troubleshooting functions, and predefined network configurations (such as the HiperSockets adapters, technology that enables high-speed communications between partitions on a server with a hypervisor).
The IBM Redbooks tech note "Security for Linux on System z: Securing Your Network" offers a rather detailed abstract that explains these tools and how they work in order to set up a secure network, focusing on the task of configuring virtual switches to automatically manage which users can couple with them. An excellent read of a few minutes that can bring you a wealth of knowledge on secure networking.
To expand your Linux on System z security experience even further, you can tackle the complete Redbook publication this note was abstracted from: Security for Linux on System z. If you need more basic hands-on experience using Linux on System z (and cloud), take a look at the video IBM Linux on System z Cloud Test Drive to better understand virtualization, deployment, and image management from both a user and an administrator point of view.