Security / Governance, Risk & Compliance

Advanced z/OS Security: Crypto, Network, RACF, and Your Enterprise

System z continues to enhance the value of mainframes with robust security solutions to help meet the needs of today's on-demand and service-oriented infrastructures. System z servers have implemented cutting-edge technologies such as high-performance cryptography, multi-level security, a large digital certificate authority and lifecycle management; as well as enhanced Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) and z/OS Intrusion Detection Services. This advanced z/OS security course outlines the evolution of the current z/OS security architecture. It examines in detail the various technologies involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF) and z/OS Integrated Security Services.

Issues

Describing the components of network security, platform security and transaction security in z/OS.
Describing how RACF handles UNIX users and groups.
Describing the flow of web server security in z/OS.
Describing the content and use of a digital certificate.
Describing the difference between asymmetric and symmetric cryptographic techniques.
Describing SSL V3 client authentication.
Describing the basics of WebSphere application server and Web services security.
Using the RACDCERT command.
Discussing OCSF service providers.
Discussing VPN (IPSec), SSL/TSL and AT-TLS and the differences between them.
Discussing z/OS communication server policy agent, IDS and IP filtering.
Describing and using system SSL.
Describing the operation of TN3270 and FTP SSL protocol support.
Describing the operation of IBM secure hardware cryptographic coprocessors.
Describing how Kerberos authentication works.
Describing the terms LDAP DN, objectclass, attribute, schema, back end and directory.
Explaining how to configure, customize and operate z/OS PKI services.

Who is this training for?

The course is designed for z/OS developers and security professionals who design and implement z/OS security for web applications

Prerequisites

General knowledge of z/OS, including basic skills in using UNIX system services
Experience configuring any z/OS web server
Basic knowledge of the TCP/IP protocol and RACF

Training program

Welcome
Unit 1: Overview of z/OS security for on-demand businesses Unit 2: z/OS platform security: Part 1
Unit 3: z/OS platform security: Part 2
Unit 4: Introduction to digital certificates and PKI

Unit 5: SSL Protocol
Unit 6: HTTP Server and Apache, SSL client authentication and WebSphere Application Server security
Unit 7: RACF and digital certifications
Unit 8: Open Cryptographic Services Facility
Exercise 1: Access control using httpd.config file Exercise 2: SSL protocol

Exercise 2: SSL protocol (continued)
Unit 9: Introduction to the security features of the z/OS communication server Unit 10: Discussion of SSL in the system
Unit 11: TN3270 secure connection
Unit 12: Secure FTP server and client connection
Unit 13: Cryptography discussion: integrated cryptography System with.

Exercise 3: SSL client authentication and automatic RACF registration
Unit 14: Network Authentication Services and Enterprise Identity Mapping Unit 15: LDAP Directory Services on z/OS and Tivoli Director Server for z/OS
Unit 16: Introduction to OpenSSH for z/OS
Exercise 4: Securing FTP with SSL: FTPS, TLS, AT-TLS

Delivery Methods

Online

Convenience of participating from anywhere
Interactive live sessions with trainer
Materials available for 30 days
No travel costs

On-site

Direct contact with trainer and group
Intensive hands-on workshops
Networking with other participants
Full focus on learning

Frequently asked questions

What are the prerequisites for this training?

For Advanced z/OS Security: Crypto, Network, RACF, and Your Enterprise we recommend: General knowledge of z/OS, including basic skills in using UNIX system services; Experience configuring any z/OS web server; Basic knowledge of the TCP/IP protocol and RACF.

What is the format and duration of this training?

The training lasts 4 days and is available in online and on-site format. Sessions run from 9:00 AM to 4:00 PM. We can also customize the schedule to fit your team's needs.

Who is this training designed for?

This training is designed for: The course is designed for z/OS developers and security professionals who design and implement z/OS security for web applications.