Security

Owner(s):


 * [[image:mainframe.jpg]]

What is security?**
 * Very Important part of computers
 * The most critical information is now stored on computers
 * This information must not be made available to everyone


 * The Three Basic Concepts: --each concept must be implemented**
 * Confidentiality (Authorization)
 * Integrity (Authentication)
 * Availablility


 * The Major Security Threats**
 * Hackers
 * A hacker is a person who specializes in undermining security mechanisms implemented for computer and network systems.
 * Unauthorized users
 * An unaurthorized user is a user that has gained access to a system without permission from the Administrator.
 * Malware
 * Software designed to infiltrate or damage a computer system without the owner's consent.
 * Hooks
 * Similar to back doors, hooks are left by programers as ways to re-gain access to thier software.


 * Confidentiality Models**
 * Flow Model
 * Lays out the scheme which relates users to objects
 * Access Control
 * Same as flow model but also includes types of operations that can be performed
 * Operations
 * Read only
 * Write only
 * Execute


 * Roles


 * Classify Data* --** it is important to classify data into varying levels of security.


 * Integrity**
 * Authenticity
 * Accountability
 * Non-repudiation


 * Threats To Integrity**
 * Salami Slicing
 * Falsification


 * Availability**
 * The system/data is available for use
 * Logging/Auditing


 * Mainframe Security Tools**
 * RACF
 * Resource Access Control Facility
 * Identify/authenticate users
 * Authorization
 * Log and report
 * Security administrator controls access
 * RACF works with parellel sysplex
 * ACF2
 * Access Control Facility 2