RACF

USERS

GROUP

GARUG

Georgia RACF Users Group

 

General Information:

The Georgia RACF User Group (GARUG) was created to serve the professional education needs of the RACF community in Georgia and surrounding states. GARUG usually meets in Atlanta, GA.

 

Points of Contact:

Simon Dodge, SiCon, Inc.

Bob Hansel, RSH Consulting, Inc.

 

Upcoming Meeting:

 

Thursday, May 11, 2017

 

Location: Norfolk Southern
1200 Peachtree St NE
Atlanta, GA 30309

 

Time: 9 a.m. - 4:00 p.m.          (Registration begins at 8:30 a.m.)

 

Cost: ** Free **

 

Agenda:

My Adventures with TCP/IP Port Security and RACF on z/OS

     Joel Tilton, DTCC

z/OSMF

     Julie Bergh, IBM

UNIXPRIV Class

     Robert S. Hansel, RSH Consulting

RACF Grouping Class Profiles

     Robert S. Hansel, RSH Consulting

Experience with Two Factor Authentication (2FA) on z/OS

     Simon Dodge, Wells Fargo

 

Presentation

Abstracts:

My Adventures with TCP/IP Port Security and RACF on z/OS

In the ever growing world of TCPIP security the number of RACF SERVAUTH general resource class profiles has skyrocketed. In this session we will focus on a critical, and often overlooked, aspect of TCPIP security ‐ ports. Learn the key aspects of how to secure all TCP & UDP ports on your mainframe with RACF. We will explore an implementation strategy and how the mainframe has an edge in this mission-critical area of TCPIP security. If you don't take control of your ports, then someone else will!

 

z/OSMF

z/OSMF provides a web-based interface that allows you to manage various aspects of your z/OS systems through a browser at any time, from any location. One asks, ok, what does that have to do with security. Well, using z/OSMF requires sufficient authority in z/OS. Specifically, on the z/OS system to be managed, the resources to be accessed on behalf of z/OSMF users (data sets, operator commands, and so on) are secured through RACF. This session will describe user experiences on setting up z/OSMF with a focus on the security requirements.

 

UNIXPRIV Class

Permission to certain UNIXPRIV class profiles can provide users with the ability to perform specific Superuser functions without requiring full Superuser authority. Other UNIXPRIV profiles influence RACF's decision as whether a user is allowed to access a file or directory. This presentation will introduce you to all the UNIXPRIV profiles and discuss how to make best use of them.

 

RACF Grouping Class Profiles

Gain a better understanding of the contents and administration of grouping class profiles. We will delve
into the relationship and interaction of member and grouping classes. RACF merges the profiles in a member/ grouping class pair during RACLISTing to form a combined set of profiles for access authorization checking. Find out how RACF builds this set and what values it chooses for UACC, AUDIT, WARNING, and permissions.

 

Experience with Two Factor Authentication (2FA) on z/OS
Have you authenticated to your z/OS system with a token yet ? Come and discuss why you may want to do this. Which users you may want to target. We will discuss various software issues experienced, and some non technical issues you may not have thought about yet. While both IBM and CA security managers support MFA, there may be other issues that you may not have considered yet.

 

Speakers:

Joel Tilton, DTCC

Joel Tilton is a former employee of IBM, where he got his start with mainframes, who continues to champion mainframe security issues and solutions. Over 20+ years technical IT experience, the majority of which was gained in hands-on technical roles, performing a variety of duties in diverse and complex environments. The majority of Joel's experience is focused on IBM mainframe systems, where he performs as a Technician and Project Manager. Joel's specialist subject is IT Security, in particular z/OS and associated subsystems (CICS, DB2, MQ, zSecure, etc.) security with RACF. Joel is also an active member of the Tampa Bay RUG (RACF User Group) which meets jointly with the NY RUG. Joel has a true passion for security and the mainframe. Long live the mainframe!

 

Julie Bergh, IBM

Julie is IBMís Lead World Wide z Systems Security Champion, has worked for IBM for the past 15 years and has many more years prior to that in the private sector. Julie is a certified IT specialist and has a Masterís Degree in Information Systems management. Prior to joining IBM, Julie worked at a variety of large companies (e. g., GMAC, MasterCard) where her roles ranged from programming and system programming to IT Internal Auditing and IT Management. In recent years, Julieís efforts have been related to z System Security Migrations and Security Product Technical Sales, and as a result has broad experience engaging all levels of the customer organization from the C-Suite, to Security Management and to front line Security Analysts. Julie has experience in both customer and provider aspects of IBMís z Systems Security, and possesses deep skills in z/OS, RACF, ACF2 and Top Secret administration.

 

Robert S. Hansel, RSH Consulting

Robert S. Hansel is Lead RACF Specialist and founder of RSH Consulting, Inc., a firm he established in 1992 and dedicated to helping clients strengthen their IBM z/OS mainframe access controls by fully exploiting all the capabilities and latest innovations in RACF. He has worked with IBM mainframes since 1976 and in information systems security since 1981. Mr. Hansel began working with RACF in 1986 and has been a RACF administrator, manager, auditor, instructor, developer, and consultant. He has reviewed, implemented, and enhanced RACF controls for major insurance firms, financial institutions, utilities, payment card processors, universities, hospitals, and international retailers. Mr. Hansel is especially skilled at redesigning and refining large-scale implementations of RACF using role-based access control concepts. He has also created elaborate automated tools to assist clients with RACF administration, database merging, identity management, and quality assurance.

 

Simon Dodge, Wells Fargo

Simon Dodge has over 35 year experience in various roles on z/OS: CICS application developer, CICS systems Programmer, RACF technical specialist and now reluctantly has TopSecret. He is currently a Principal Engineer in zSeries Security Engineering at Wells Fargo bank. Simon has also worked as a technical support person for Consul products (now zSecure after its acquisition by IBM).

 

Registration:

Contact Robert Hansel

 - Phone: 617-969-8211

 - Email: R.Hansel@rshconsulting.com

 

Advanced Registration is requested to ensure sufficient refreshments and handouts are available.

 

Information:

For those who wish to take public transportation, the closest MARTA station is the Arts Center Transit Station.

 

For those who are driving, it is recommended you park at Colony Square (underground parking), which is located across the street from Norfolk Southern.

 

Enter the Norfolk Southern building at the front entrance on Peachtree Street. Tell security at the front desk you are attending the GARUG meeting. You will receive a visitor badge. Someone from Norfolk Southern's RACF team will escort you to the meeting room.

 

Map - Atlanta - Norfork Southern

 

For questions related to the meeting location, contact Pieter Swanepoel

 - Phone: (W)404-897-3092 (C) 678-758-4421

 - Email: Pieter.Swanepoel@nscorp.com

 

 

RACF is a trademark of International Business Machines Corporation.

Webpage provided courtesy of RSH Consulting, Inc.