SANS InfoSec Reading Room - Mainframes

<<Reading Room Home
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.

StoneSoft

Featuring 4 papers as of May 22, 2013
PDF An Introduction to Implementing Object-Level Security in IBM OS/400 with Comparisons to Windows and Unix Permissions
By: Jeff Gardner (posted on June 30, 2005)
The integrated object-level security of OS/400, IBM's midrange object-based operating system, provides the ability to grant fine-grained authority for individual objects to users or groups of users. Security administrators need to understand how to implement OS/400's object-level security simply in its various file systems to allow them to correctly configure the proper access control for the AS/400.
PDF A Return to Legacy Security
By: Christopher Abramson (posted on October 31, 2003)
This paper examines three mainframe security systems (Computer Associates' ACF2 (Access Control Facility, Computer Associates' Top Secret, and IBM's RACF (Resource Access Control Facility) to relate how they can be used as security servers for multiple operating system environments.
PDF Perimeter Defense-in-Depth: Using Reverse Proxies and other tools to protect our internal assets
By: Lynda L. Morrison (posted on October 31, 2003)
The use of a reverse proxy server to provide defense-in-depth security will be discussed in this paper as a practical security solution for protecting our internal assets.
PDF Mainframe Security featuring CA - Top Secret
By: Chad Barker (posted on October 31, 2003)
This document will provide an overview of the current (2002) status of mainframe security and a detailed understanding of the CA-Top Secret mainframe security product. It will also provide an overview for using Top Secret and an in-depth guide for auditing and reviewing Top Secret security.
SANS Reading Room

I've been managing multi-million dollar projects for years but always felt muddled as to the formal activities required. Halfway through the SANS PM course, things are becoming clear at last.
-Matt Harvey, US DOJ

Save up to 15% on Community SANS courses

Latest Whitepapers

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Latest Tweets

DFIR Webcast starts in 75 minutes - 50 Shades of Hidden - Di [...]
May 17, 2013 - 3:46 PM

New blog post by @yorikv on pen test tips for file analysis. [...]
May 16, 2013 - 5:07 PM

New Blog Post: SANS EU #DFIR Summit in Prague - Call for Spe [...]
May 16, 2013 - 12:33 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"As a security professional, this info is foundational to do a competent job, let alone be successful."
- Michael Foster, Providence Health & Security

"Because of the use of real-world examples it's easier to apply what you learn."
- Danny Hill, Friedkin Companies, Inc.

"Expertise of the trainer is impressive, real life situations explained, very good manuals. Best training ever!"
- Jerry Robles de Medina, Godo CU