Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact email@example.com.
The integrated object-level security of OS/400, IBM's midrange object-based operating system, provides the ability to grant fine-grained authority for individual objects to users or groups of users. Security administrators need to understand how to implement OS/400's object-level security simply in its various file systems to allow them to correctly configure the proper access control for the AS/400.
By: Christopher Abramson (posted on October 31, 2003)
This paper examines three mainframe security systems (Computer Associates' ACF2 (Access Control Facility, Computer Associates' Top Secret, and IBM's RACF (Resource Access Control Facility) to relate how they can be used as security servers for multiple operating system environments.
This document will provide an overview of the current (2002) status of mainframe security and a detailed understanding of the CA-Top Secret mainframe security product. It will also provide an overview for using Top Secret and an in-depth guide for auditing and reviewing Top Secret security.
I've been managing multi-million dollar projects for years but always felt muddled as to the formal activities required. Halfway through the SANS PM course, things are becoming clear at last. -Matt Harvey, US DOJ