zSecure Admin

zSecure: Securing communications between your zSecure Servers

This video shows you how to secure the communications between your zSecure server tasks also known as CKNSERVE tasks.

This topics covered include:

  • Transport Layer Security (TLS)
  • Client authentication which required by the zSecure server when using TLS

It also includes a demonstration of the process for creating the digital certificates required when implementing TLS using a centralized creation methodology.

Time: 25 minutes

IBM Z Multi-Factor Authentication

This video provides details on the use of multi-factor authentication (MFA) in order to provision a user for the Timed One Token Password (TOTP) factor. You will learn how to provision a user with:

  • IBM Verify
  • Google Authenticator
{GENERICO:type="hints",style="Information",text="IBM® Multi-Factor Authentication for z/OS®, which is referred to in this document as IBM MFA, provides alternate authentication mechanisms for z/OS networks that are used in conjunction with RSA SecurID-based authentication systems, Apple Touch ID devices, and certificate authentication options such as PIV/CAC cards. IBM MFA allows RACF to use alternate authentication mechanisms in place of the standard z/OS password."}{GENERICO:type="hints_end"}

Duration: 12 minutes

How to remove redundant user permits

In this zSecure video, you learn how you can find and remove redundant permissions that are directly permitted to a user ID. This video starts with a brief explanation about access control lists and what is considered to be a redundant user permit. The last part of this video is a software simulation of the Verify User permit function.

zSecure Admin - How to Implement Pervasive Dataset Encryption

In this video, you will be walked through the following steps in order to implement pervasive dataset encryption:

  • create symmetric data key
  • define symmetric data key in RACF
  • grant user access to data key
  • define dataset encryption policy in RACF

Time:

11 minutes

Using IBM zSecure Access Monitor to analyze resource profiles

In this video, you will learn the about the zSecure Access Monitor to analyze resource profiles.

The topics covered include:

  • When to use the Access Monitor
  • What are the design considerations
  • How to consolidate using Access Monitor
  • How to clean up RACF database

A demonstration of the zSecure Access Monitor is also provided.

Duration: 20 minutes

How to create and use a zSecure UNLOAD data set

In this zSecure video, you learn how you can use the Setup application in zSecure to create and use a zSecure UNLOAD data set from your active primary RACF database.


zSecure: Compliance Framework Demo

This video provides a demonstration of the user interface for the zSecure Audit Compliance Testing Framework available starting with zSecure v2.3.1.

The framework was introduced to help automate the compliance checking of newer external standards, as well as, site standards, and to save time for other security tasks. Standards can be customized.

How to define and use zSecure Collections

This 15 minute video contains a zSecure software demonstration how to define and use a zSecure Collection as input to your zSecure Admin session.


Cleaning Up Your RACF DB with Access Monitor and RACF-Offline Part 1. Setting the Scene

The theory of how to perform a RACF database clean up unused resource profiles and permissions based on the collected access decisions by Access Monitor against an offline RACF database. In addition, this video explains how to run an access simulation of historically collected access events against this cleaned up offline RACF database to investigate whether the clean up causes access failures when historic access occur today against the cleaned up RACF database.

Cleaning Up Your RACF DB with Access Monitor and RACF-Offline Part 2. Live Demo

This recorded live demonstration shows how to run a RACF database clean up of unused resource profiles and permissions against an offline RACF database based on the Access data set that the Access Monitor has produced. In the second part of this video, the viewers are shown how to run an access simulation to investigate whether the clean up potentially causes access violations or increased access when compared to the collected historic access decision.

How to use the Show Differences feature in zSecure Admin Part 1

This video demonstrates how to specify multiple zSecure input sets as input to be able to use the Show Differences feature. You learn how to set one of your defined zSecure inputs set as the 'Compare Base' and how to additionally select one or more other input sets to compare against the 'Compare Base' to report the differences between the input source and the 'Compare Base'.

How to use the Show Differences feature in zSecure Admin Part 2

This video shows how you can use the Show Differences function in IBM Security zSecure Admin and Audit. You learn what reports support the Show Differences function, how to define which differences you want to include in your reports, and how to interpret the resulting reports and their details.

Applying Bulk Changes to RACF Definitions with the FORALL Function

This video shows how to use the FORALL function that IBM Security zSecure Admin supports. This live demonstration contains some examples of when and where using the FORALL function might prove to be a significant labor time saving function for administering bulk changes to your RACF definitions.

Using a zSecure Server in Self-Connect Mode

Some security and audit policies of zSecure customers do not approve that all zSecure users have direct READ access to the primary or active backup RACF database. A possible solution to prevent the need for this direct READ access is to use a zSecure Server in Self-connect mode. This video contains an explanation and demonstration of how to use a zSecure Server in self-connect mode to list and maintain a RACF database with zSecure Admin.

Click roadmap title to expand/collapse roadmap

zSecure Audit Compliance

This job role includes the central or decentralized employees who are responsible for auditing security implementation on the z/OS system and running rule-based compliance evaluations.


Administration

These are tasks that deal with administering and maintaining security settings and profiles

Reporting

These are tasks that deal with generating audit and compliance reports

Alerting

These are tasks that deal with generating alert messages

Commercial Courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.

Click roadmap title to expand/collapse roadmap

zSecure Security Administrator

zSecure Security Administrators vary greatly in their level of responsibility. From entry level administrators with limited RACF capability to central security administrators with extensive RACF capability and responsibility for the system-wide administration of RACF database. Entry level local administrators may be limited to resetting passwords and maintaining memebership in existing groups while central security administrators could be responsible for the maintenance of the class descriptor table and the SETROPTS parameters.


Administration

These are tasks that deal with administering and maintaining security settings and profiles

Reporting

These are tasks that deal with generating audit and compliance reports

Alerting

These are tasks that deal with generating alert messages

Commercial Courses

Commercial courses cover a broad range of tasks that are described in the course summary of each course.