This video shows you how to secure the communications between your zSecure server tasks also known as CKNSERVE tasks.
This topics covered include:
- Transport Layer Security (TLS)
- Client authentication which required by the zSecure server when using TLS
It also includes a demonstration of the process for creating the digital certificates required when implementing TLS using a centralized creation methodology.
Time: 25 minutes
This video provides details on the use of multi-factor authentication (MFA) in order to provision a user for the Timed One Token Password (TOTP) factor. You will learn how to provision a user with:
- IBM Verify
- Google Authenticator
In this zSecure video, you learn how you can find and remove redundant permissions that are directly permitted to a user ID. This video starts with a brief explanation about access control lists and what is considered to be a redundant user permit. The last part of this video is a software simulation of the Verify User permit function.
In this video, you will be walked through the following steps in order to implement pervasive dataset encryption:
- create symmetric data key
- define symmetric data key in RACF
- grant user access to data key
- define dataset encryption policy in RACF
In this video, you will learn the about the zSecure Access Monitor to analyze resource profiles.
The topics covered include:
- When to use the Access Monitor
- What are the design considerations
- How to consolidate using Access Monitor
- How to clean up RACF database
A demonstration of the zSecure Access Monitor is also provided.
Duration: 20 minutes
In this zSecure video, you learn how you can use the Setup application in zSecure to create and use a zSecure UNLOAD data set from your active primary RACF database.
This video provides a demonstration of the user interface for the zSecure Audit Compliance Testing Framework available starting with zSecure v2.3.1.
The framework was
introduced to help automate the compliance checking of newer external standards, as well as, site
standards, and to save time for other security tasks. Standards can be customized.
This 15 minute video contains a zSecure software demonstration how to define and use a zSecure Collection as input to your zSecure Admin session.
The theory of how to perform a RACF database clean up unused resource profiles and permissions based on the collected access decisions by Access Monitor against an offline RACF database. In addition, this video explains how to run an access simulation of historically collected access events against this cleaned up offline RACF database to investigate whether the clean up causes access failures when historic access occur today against the cleaned up RACF database.
This recorded live demonstration shows how to run a RACF database clean up of unused resource profiles and permissions against an offline RACF database based on the Access data set that the Access Monitor has produced. In the second part of this video, the viewers are shown how to run an access simulation to investigate whether the clean up potentially causes access violations or increased access when compared to the collected historic access decision.
This video demonstrates how to specify multiple zSecure input sets as input to be able to use the Show Differences feature. You learn how to set one of your defined zSecure inputs set as the 'Compare Base' and how to additionally select one or more other input sets to compare against the 'Compare Base' to report the differences between the input source and the 'Compare Base'.
This video shows how you can use the Show Differences function in IBM Security zSecure Admin and Audit. You learn what reports support the Show Differences function, how to define which differences you want to include in your reports, and how to interpret the resulting reports and their details.
This video shows how to use the FORALL function that IBM Security zSecure Admin supports. This live demonstration contains some examples of when and where using the FORALL function might prove to be a significant labor time saving function for administering bulk changes to your RACF definitions.
Some security and audit policies of zSecure customers do not approve that all zSecure users have direct READ access to the primary or active backup RACF database. A possible solution to prevent the need for this direct READ access is to use a zSecure Server in Self-connect mode. This video contains an explanation and demonstration of how to use a zSecure Server in self-connect mode to list and maintain a RACF database with zSecure Admin.
zSecure Audit Compliance
This job role includes the central or decentralized employees who are responsible for auditing security implementation on the z/OS system and running rule-based compliance evaluations.
These are tasks that deal with administering and maintaining security settings and profiles
These are tasks that deal with generating audit and compliance reports
These are tasks that deal with generating alert messages
Commercial courses cover a broad range of tasks that are described in the course summary of each course.
zSecure Security Administrator
zSecure Security Administrators vary greatly in their level of responsibility. From entry level administrators with limited RACF capability to central security administrators with extensive RACF capability and responsibility for the system-wide administration of RACF database. Entry level local administrators may be limited to resetting passwords and maintaining memebership in existing groups while central security administrators could be responsible for the maintenance of the class descriptor table and the SETROPTS parameters.