Advanced z/OS Security: Crypto, Network, RACF, and Your Enterprise

Overview

System z continues to extend the value of the mainframe by leveraging robust security solutions to help meet the needs of today's on-demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies such as high-performance cryptography, multi-level security, and large-scale digital certificate authority and lifecycle management, as well as improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services. This advanced z/OS security course presents the evolution of the current z/OS security architecture. It explores in detail the various technologies involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you change the configuration to implement authentication by using RACF, SSL, and digital certificates. You use facilities such as RACDCERT to manage digital certificates, as well as PKI Services and RACF auto registration. You also implement different scenarios for SSL security in a typical TCP/IP application, FTP: SSL, TLS, server authentication, client certificates, and AT-TLS. These exercises reinforce the concepts and technologies covered in the lectures.

Audience

This class is intended for z/OS system programmers and security specialists in charge of designing and implementing z/OS security for web-enabled applications.

Prerequisites

You should have:

  • General z/OS knowledge, including basic UNIX System Services skills
  • Experience configuring any of the web servers on z/OS
  • Basic knowledge of TCP/IP and RACF

Key topics

Day 1

  • Welcome
  • Unit 1: Overview of z/OS security for on-demand business
  • Unit 2: z/OS platform security: Part 1
  • Unit 3: z/OS platform security: Part 2
  • Unit 4: Introduction to digital certificates and PKI

Day 2

  • Unit 5: The SSL protocol
  • Unit 6: HTTP and Apache server, SSL client authentication and WebSphere Application Server security
  • Unit 7: RACF and digital certificates
  • Unit 8: Open Cryptographic Services Facility
  • Exercise 1: Controlling access using the httpd.config file
  • Exercise 2: SSL protocol

Day 3

  • Exercise 2: SSL protocol (continued)
  • Unit 9: Introduction to z/OS Communications Server security features
  • Unit 10: System SSL overview
  • Unit 11: TN3270 secure connection
  • Unit 12: FTP server and client secure connection
  • Unit 13: Cryptography overview: System z integrated cryptography

Day 4

  • Exercise 3: SSL client authentication and RACF auto registration
  • Unit 14: Network authentication services and Enterprise Identity Mapping
  • Unit 15: LDAP Directory Services in z/OS and the Tivoli Directory Server for z/OS
  • Unit 16: An introduction to OpenSSH for z/OS
  • Exercise 4: Securing FTP with SSL: FTPS, TLS, AT-TLS

Objectives

  • Describe the components of network security, platform security, and transaction security on z/OS
  • Describe how RACF supports UNIX users and groups
  • Describe web server security flow on z/OS
  • Explain the contents and use of a digital certificate
  • Explain the difference between asymmetric and symmetric cryptographic techniques
  • Explain SSL V3 client authentication
  • Explain the basics of WebSphere Application Server and web services security
  • Utilize the RACDCERT command
  • Discuss the OCSF service providers
  • Explain VPN (IPSec), SSL/TLS, and AT-TLS and the differences between them
  • Discuss the z/OS Communications Server policy agent, IDS, and IP filtering
  • Describe and utilize System SSL
  • Explain how TN3270 and FTP SSL support works
  • Explain how IBM secure hardware cryptographic co-processors work
  • Explain how Kerberos authentication works
  • Explain the LDAP terms of DN, objectclass, attribute, schema, back end, and directory
  • Explain how to set up, customize, and operate z/OS PKI Services

Enroll

You can enroll in an instructor-led classroom course at different geographic locations, an instructor-led online course in any time zone, or a self-paced online course.

This class has been identified by our Global Training Partner as "Guaranteed to run". View the terms and conditions for full details.

Country | City | Duration | Language | Partner
France | Paris | 32 Hours | French | Global Knowledge
France | Paris | 32 Hours | French | Arrow ECS
Italy | Torino | 40 Hours | Italian | Global Knowledge/PR.ES. srl
Italy | Milano | 40 Hours | Italian | Global Knowledge/PR.ES. srl
Italy | Roma | 40 Hours | Italian | Global Knowledge/PR.ES. srl
Singapore | Singapore, SG | 32 Hours | English | Ingram Micro/Trainocate
Indonesia | Jakarta, ID | 28 Hours | English | Ingram Micro/Trainocate
Singapore | Singapore, SG | 32 Hours | English | Ingram Micro/Trainocate
Singapore | Singapore, SG | 32 Hours | English | Ingram Micro/Trainocate
Namibia | Windhoek, NA | 32 Hours | English | Ingram Micro
Kenya | Nairobi, KE | 32 Hours | English | Ingram Micro
Spain | Arrow ECS | 32 Hours | Spanish | Arrow ECS
Denmark | København - Ballerup | 28 Hours | English | Arrow ECS
France | Paris | 32 Hours | French | Arrow ECS
France | Paris | 32 Hours | French | Arrow ECS
France | Paris | 32 Hours | French | Arrow ECS
Slovakia | Bratislava, SK | 28 Hours | English | Ingram Micro
Czech Republic | Prague, CZ | 28 Hours | English | Ingram Micro
Spain | Barcelona, ES | 28 Hours | Spanish | Ingram Micro
Poland | Warsaw, PL | 28 Hours | English | Ingram Micro
Germany | Frankfurt | 28 Hours | German | Ingram Micro
Austria | Vienna, AT | 28 Hours | German | Ingram Micro
Italy | Rome, IT | 28 Hours | Italian | Ingram Micro
Slovakia | Bratislava, SK | 28 Hours | English | Ingram Micro
Serbia | Beograd, RS | 28 Hours | English | Ingram Micro
Slovenia | Ljubljana, SI | 28 Hours | English | Ingram Micro
Italy | Rome, IT | 28 Hours | Italian | Ingram Micro
Switzerland | Zurich, CH | 28 Hours | German | Ingram Micro
Austria | Vienna, AT | 28 Hours | German | Ingram Micro
Ireland | Dublin | 28 Hours | English | Ingram Micro
Portugal | Lisboa, PT | 28 Hours | Portuguese | Ingram Micro
Germany | Frankfurt | 28 Hours | German | Ingram Micro
Poland | Warsaw, PL | 28 Hours | English | Ingram Micro
Switzerland | Zurich, CH | 28 Hours | German | Ingram Micro
Serbia | Beograd, RS | 28 Hours | English | Ingram Micro
Portugal | Lisboa, PT | 28 Hours | Portuguese | Ingram Micro
Hungary | Budapest, HU | 28 Hours | English | Ingram Micro
Czech Republic | Prague, CZ | 28 Hours | English | Ingram Micro
Slovenia | Ljubljana, SI | 28 Hours | English | Ingram Micro
Spain | Barcelona, ES | 28 Hours | Spanish | Ingram Micro
Hungary | Budapest, HU | 28 Hours | English | Ingram Micro
France | Paris, FR | 28 Hours | French | Ingram Micro
France | Paris, FR | 28 Hours | French | Ingram Micro
India | Bangalore | 28 Hours | English | Arrow ECS/Amstar
India | Bangalore | 28 Hours | English | Arrow ECS/Amstar
India | Bangalore | 28 Hours | English | Arrow ECS/Amstar
Switzerland | Genève | 32 Hours | French | LearnQuest/Satom IT & Learning Solutions
Switzerland | Genève | 32 Hours | French | LearnQuest/Satom IT & Learning Solutions
Poland | Warszawa | 28 Hours | Polish | TechData Inc.
Poland | Warszawa | 28 Hours | Polish | TechData Inc.
Italy | Bologna | 24 Hours | Italian | LearnQuest/Overnet Solutions Ltd.
Italy | Milano | 24 Hours | Italian | LearnQuest/Overnet Solutions Ltd.
Italy | Roma | 24 Hours | Italian | LearnQuest/Overnet Solutions Ltd.
Italy | Napoli | 24 Hours | Italian | LearnQuest/Overnet Solutions Ltd.
Italy | Roma | 28 Hours | Italian | TechData Inc.
Germany | Leinfelden-Echterdingen | 28 Hours | German | TechData Inc.
Switzerland | Genève | 28 Hours | French | TechData Inc.
Austria | Wien | 28 Hours | German | TechData Inc.
Romania | Bucuresti | 28 Hours | Romanian | TechData Inc.
Switzerland | Rotkreuz | 28 Hours | German | TechData Inc.
India | Mumbai | 28 Hours | English | TechData Inc.
India | Bangalore | 28 Hours | English | TechData Inc.
Indonesia | Jakarta | 28 Hours | English | TechData Inc.
Switzerland | Wallisellen | 28 Hours | German | Arrow ECS/Fast Lane
Switzerland | Zürich | 28 Hours | German | Arrow ECS/Esciris
Italy | Milano | 28 Hours | Italian | Arrow ECS/Fast Lane
United Kingdom | London (Arrow) | 28 Hours | English | Arrow ECS
United Kingdom | London (Arrow) | 28 Hours | English | Arrow ECS
Germany | Hamburg | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Garching | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Düsseldorf | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Hamburg | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Berlin | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Stuttgart | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Eschborn | 28 Hours | German | Arrow ECS/Fast Lane
Germany | Münster | 28 Hours | German | Arrow ECS/Fast Lane

If you are interested in a custom or private delivery of this content, please contact a GTP about delivery in your country.

Country | Duration | Language | Partner
Worldwide | 32 Hours | French | Global Knowledge
Worldwide | 28 Hours | English | Ingram Micro
Worldwide | 32 Hours | English | Global Knowledge
Worldwide | 28 Hours | English | Arrow ECS/Amstar
Worldwide | 28 Hours | English | Arrow ECS/Amstar
Worldwide | 28 Hours | English | Arrow ECS/Amstar
Worldwide | 32 Hours | French | LearnQuest
Worldwide | 32 Hours | German | LearnQuest
Worldwide | 32 Hours | English | LearnQuest
Worldwide | 32 Hours | English | LearnQuest
Worldwide | 28 Hours | English | Ingram Micro
Worldwide | 28 Hours | English | Ingram Micro