System z continues to extend the value of the mainframe by leveraging robust security solutions to help meet the needs of today's on demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies, such as high-performance cryptography, multi-level security, large-scale digital certificate authority and lifecycle management, as well as improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services. This advanced z/OS security course presents the evolution of the current z/OS security architecture. It explores in detail the various technologies that are involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you make changes to the configuration to implement authentication by using RACF, SSL, and digital certificates. Use is made of facilities such as RACDCERT to manage digital certificates, PKI Services, and RACF auto registration. You will also implement different scenarios to implement SSL security for
You should have: general z/OS knowledge, including basic UNIX System Services skills; experience configuring any of the web servers on z/OS; and basic knowledge of TCP/IP and RACF.
This class is intended for z/OS system programmers and security specialists in charge of designing and implementing z/OS security for web-enabled applications.
Describe the components of network security, platform security, and transaction security on z/OS
Describe how RACF supports UNIX users and groups
Describe web server security flow on z/OS
Explain the contents and use of a digital certificate
Explain the difference between asymmetric and symmetric cryptographic techniques
Explain SSL V3 client authentication
Explain the basics of WebSphere Application Server and web services security
Utilize the RACDCERT command
Discuss the OCSF service providers
Explain VPN (IPSec), SSL/TLS, and AT-TLS and the differences between them
Discuss the z/OS Communication Server policy agent, IDS, and IP filtering
Describe and utilize System SSL
Explain how TN3270 and FTP SSL support works
Explain how IBM secure hardware cryptographic co-processors work
Explain how Kerberos authentication works
Explain the LDAP terms of DN, objectclass, attribute, schema, back end, and directory
Explain how to set up, customize, and operate z/OS PKI Services