For several decades mainframe is being vastly used in many public and private Organizations to hold business critical data. Banks, insurance companies, government entities and credit card companies are few of them. The important mainframe features in this regard are reliability, serviceability, scalability, performance and last but not the least security. To protect millions of daily transactions, the utilization of security features has to be strictly administered. The currently available mainframe security products include RACF from IBM, Top Secret and ACF2 from CA Technologies. Among them RACF (Resource Access Control Facility) is the most commonly used product.
Earlier when systems used to be mostly operated by single users, security was not a big concern for the Organizations. With the availability of multi-application, multi-user and multi-task Mainframe environments the enterprises became more aware of the resource protection from unauthorized access. The components of IBM security software are listed below:
LDAP (Lightweight Directory Access Protocol) server for accessing and maintaining distributed directory information over an IP network
DCE Security Server to provide distributed computing environment.
Network Authentication Service to provide security service without the need of a middleware product.
z/OS Firewall Technologies to allow a safe mainframe connection to Internet.
PKI Services to issue digital certificates for both internal and external users. It also helps in public key set up.
Enterprise Identity Mapping to manage multiple user identities in an enterprise environment.
RACF, an add-on software product, holds information about users, resources and database access. It verifies user identities and raises resource request. The access control tasks of RACF are as follows:
Identification and verification of users as well as identification, classification and protection of system resources
User authorization for protected access to the resources
Access control to data, system software and applications at read, write, update and delete modes
Creation of a centralized and decentralized security administration
Support for digital certificates and cryptographic services
Auditing without any modification in the applications
Logging and reporting of attempts to access protected resources without proper authorization
Digital certificates, case sensitive IDs and passwords as well as public key infrastructure services are the latest security features which are also supported by RACF. The password identification policy of RACF includes minimum length, use of numeric characters and capital letters, lack of repeating characters etc. Although the new security products ACF2 and Top Secret from CA technologies are in market, RACF remains the best choice for providing security in Mainframe environment.