Vanguard Security 2010 Track Information
Monday, April 19
Full Day Workshops *
9:00am – 4:30pm
z/OS® Ethical Hacking (AKA Penetration Testing)
Mark Wilson, RSM Partners
Attendees in this workshop session will discover many common security issues and how they can be exploited. Learn how the instructors have successfully exploited these security issues while performing penetration tests for many organizations globally. They will demonstrate gaining inappropriate privileges on a z/OS system. Issues covered are UserIDs with default passwords; UADS; HMC Protection; APF & Linklisted libraries not correctly secured; and anonymous FTP issues. Upon completion of this class, each attendee will understand how to configure z/OS to better protect against unauthorized access to the system. Why attend this session? Because you need to know what the bad guys are thinking!
Implementing z/OS UNIX® System Services (USS) Protection
John Hilman, Vanguard Integrity Professionals
This session begins with an overview of UNIX and how it has been implemented in the z/OS environment. Next, learn how the OMVS Segment should be defined in the User and Group profiles. Then, learn about the FACILITY class profiles for UNIX System Services, and the UNIXPRIV profiles for Superuser granularity. Now that you know how to administer the RACF profiles for UNIX System Services, you will learn about the UNIX file system and how to use UNIX commands to implement UNIX file protection and UNIX security events logging. If you are the person in your installation who must implement and maintain security for z/OS UNIX, this session will give you the confidence to understand what you must do and how to do it.
Using RACF® for DB2® Security
Jim McNeill, Vanguard Integrity Professionals
This class is aimed at the RACF security administrator who is considering using RACF for DB2 security. For many years, the GRANT and REVOKE statements were the only way to administer security for DB2. Now, DB2 can use RACF for security. This course begins with an introduction to DB2 and DB2 security where you will learn about DB2 objects such as tables, views, plans, and the traditional way of administering DB2 security via GRANT and REVOKE. Next, you will learn how to use RACF for DB2 security. Here you will learn how to define profiles for the various DB2 objects and administrative authorities; how to configure the RACF Access Control Module so that DB2 will call RACF for security; and how to convert from your current DB2 security to RACF security. Be sure to attend this class if you are thinking about using RACF for DB2 security.
Introduction to RACF
Bob Ubert, Vanguard Integrity Professionals
This session will provide an overview of RACF, and allow you to get even more out of the sessions in the basic track. It is designed for those who are new to RACF and are responsible for security administration. Whether your interest is RACF administration, implementation or auditing, this session will lay the foundation you need for the rest of the week. Topics include an overview of RACF components; administering users, groups, and resources; using commands to define profiles; and delegating authority within RACF.
Digital Certificates - Understanding and Savings
Wai Choi, IBM
Digital certificates have been widely used to authenticate and authorize secure interactions over the network. This session will first provide you with the basics of X509 digital certificates, illustrated through the z/OS RACF RACDCERT command and the z/OS System SSL gskkyman utility: which fields to consider putting in the certificate, the recommended certificate validity period for the server certificate and its issuer certificate, the preparation needed for renewal, etc. We will discuss how to set up FTP with server authentication and client authentication. We will also explore the more advanced functions on Certificate Name Filtering and Host ID Mapping.
PKI Services is another z/OS component providing digital certificate services. It is a complete digital certificate authority included in the base of z/OS at no additional charge. We will introduce the full cycle certificate management provided by PKI Services. You will hear about how a large bank saves millions of dollars on digital certificates by implementing PKI Services. A hands-on lab will be provided to customize PKI Services, request and revoke certificates.
Vanguard Software Product Workshops – Complimentary to Vanguard Software Customers
Effective Use of Vanguard Administrator™
Full Day Workshop
Learn the ins and outs of Vanguard Administrator through a basic navigational and functional overview. Then get some practical how-to lessons that you can take home to make your workday more productive. We’ll delve into topics like the use of QuickGen™; masking (standard & enhanced); use of VRC (like RACF panels on steroids); and managing OMVS segments and USS permissions.
Effective Use of Advisor™
Half-Day Workshop
If you have used Vanguard Advisor, then you already know how easy it is to produce reports of your SMF data. However, do you know how to exploit all of the capabilities of Vanguard Advisor? In this session, you will learn how to use masking and enhanced masking; use exception criteria; sort the columns of a report; easily select which extract file to use; use extract filtering to omit SMF records; switch between the extract file and live SMF data; select the various input source options for batch reports; tailor the report format for your needs; and use SmartLink to jump to the Administrator to edit RACF profiles.
Effective Use of Analyzer™
Half-Day Workshop
The Vanguard Analyzer is made up of two major analysis components: namely the z/OS Operating System Options and the RACF Options. This session will delve into each of these analyses and you will learn how to produce the analysis in both Batch mode and under TSO ISPF. You will also learn to use Analyzer’s Automated System Audit capability that performs a complete analysis automatically and indicates which analysis has potential audit findings. Have you ever needed to know whether some dataset was actually updated? In this session, you will learn to use Analyzer’s Filebaseline Capture that can perform this function for you. Basically, this session will cover Vanguard Analyzer from front to back and the places in between.
* Full Day Workshop sessions not included in Standard Training Package.







