System z continues to extend the value of the mainframe by leveraging robust security solutions to help meet the needs of today's on demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies, such as high-performance cryptography, multi-level security, and large-scale digital certificate authority and lifecycle management, as well as improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services.

This advanced z/OS security course presents the evolution of the current z/OS security architecture. It explores in detail the various technologies that are involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you make changes to the configuration to implement authentication by using RACF, SSL, and digital certificates. The exercises make use of facilities such as RACDCERT to manage digital certificates, PKI Services, and RACF auto registration.

You will also work through different scenarios to implement SSL security for a typical TCP/IP application, FTP: SSL, TLS, server authentication, client certificates, and AT-TLS. These exercises reinforce the concepts and technologies being covered in the lectures.

Operational objective:

Be able to implement advanced security concepts for IBM z/OS.

Learning objectives:

On completing this Advanced z/OS Security course, you will have acquired the knowledge and skills needed to:

  • Describe the components of network security, platform security, and transaction security on z/OS
  • Describe how RACF supports UNIX users and groups
  • Describe web server security flow on z/OS
  • Explain the contents and use of a digital certificate
  • Explain the difference between asymmetric and symmetric cryptographic techniques
  • Explain SSL V3 client authentication
  • Explain the basics of WebSphere Application Server and web services security
  • Utilize the RACDCERT command
  • Discuss the OCSF service providers
  • Explain VPN (IPSec), SSL/TLS, and AT-TLS and the differences between them
  • Discuss the z/OS Communication Server policy agent, IDS, and IP filtering
  • Describe and utilize System SSL
  • Explain how TN3270 and FTP SSL support works
  • Explain how IBM secure hardware cryptographic co-processors work
  • Explain how Kerberos authentication works
  • Explain the LDAP terms of DN, objectclass, attribute, schema, back end, and directory
  • Explain how to set up, customize, and operate z/OS PKI Services

Audience:

This Advanced z/OS Security course is intended for system programmers and security specialists responsible for designing and implementing security for z/OS applications.

Prerequisites:

To take this Advanced z/OS Security course, you must have:

- Prior knowledge of z/OS, including the fundamentals of UNIX System Services
- Experience configuring a web server on z/OS
- General knowledge of TCP/IP and RACF

Day 1

Overview of z/OS security for on-demand business
z/OS platform security: Part 1
z/OS platform security: Part 2
Introduction to digital certificates and PKI

Day 2

The SSL protocol
HTTP and Apache server, SSL client authentication and WebSphere Application Server security
RACF and digital certificates
Open Cryptographic Services Facility

Hands-on exercises

Controlling access using the httpd.config file
SSL protocol

Day 3

Hands-on exercises

SSL protocol (continued)

Introduction to z/OS Communications Server security feature
System SSL overview
TN3270 secure connection
FTP server and client secure connection
Cryptography overview: System z integrated cryptography

Day 4

Hands-on exercises

SSL client authentication and RACF auto registration

Network authentication services and Enterprise Identity Mapping
LDAP Directory Services in z/OS and the Tivoli Directory Server for z/OS
An introduction to OpenSSH for z/OS

Hands-on exercises

Securing FTP with SSL: FTPS, TLS, AT-TLS

Program last updated: 04/01/2023

