There are many other commands used when required, but they are not that frequent.
Trends in MVS Security: This article was first written inupdated in November,and updated again in July of MVS has been the environment for which the best-known and most widely used security products have been developed, and it has influenced our thinking about security for all computer systems.
But MVS security is not a static concept; it is a moving target on which security product vendors and infosecurity professionals must keep focused. Data security officers need to understand the history of MVS security, and they should be aware of the recent developments.
This takes on greater importance since the mainframe is not dying or going away. The Gartner Group calculates that the cost per user and cost per transaction is often lower on a mainframe than on other platforms. It is relatively easy to demonstrate that MVS provides the most secure and most reliable version of: In discussing MVS security, five basic ideas should be kept in mind: The different protective tools available with MVS are all inter-related.
A weakness in one undermines the security of them all. Security tools have evolved in response to the increasing complexity of the operating system, including the number and type of users and programs supported. This complexity also includes the increasing number of system software components.
The security provided by these tools is based on two basic questions: Each security tool addresses at least one of these questions.
As tools increased in sophistication, they have relied less on hardware controls, and more on software controls.
This has required more attention and greater effort by security administrators to ensure that security tools are used rigorously and consistently. As more types of hardware and software are interconnected including: When this is not well understood, security officers may not be informed of changes in a timely fashion, and they may not be able to provide adequate, efficient control.
To provide comprehensive computer security, it is important to understand the different security features available to MVS systems and how they fit together: Security Through Hardware MVS's evolution may be viewed in several stages, each of which was built upon its predecessors and upon basic hardware controls to support computer security.
Since only one job or program could execute at a time, there was no need to prevent one program from interfering with another.
In this sense, one of the earliest controls was isolation - that is, allowing only one program to execute at a time.
In addition, PCP relied on two basic hardware controls to prevent programs from interfering with the operating system itself. These were supervisor state and protect keys.
When it is on in supervisor stateprograms can execute any instruction given them. When the switch is off the problem program statehowever, programs cannot execute privileged instructions - such as sending a command to a tape drive to start reading data.
As a general rule, MVS reserves supervisor state for itself, causing all application programs to execute in problem program state. Any time a program needs some powerful function, it must issue a supervisor call instruction to request the operating system to perform it. For example, to read data in from a tape drive, a program must issue a supervisor call instruction to request MVS to tell the tape drive to perform the read.
MVS will execute the necessary privileged instructions, but only after performing various checks to make sure the program should be allowed to read from that tape drive.
After issuing or denying the requested commands, MVS returns control to the application program in problem program state. IBM has provided several ways for application programs to obtain supervisor state: While these methods are provided by IBM, each installation must provide appropriate controls over their use.
PARMLIB or the parmlibs, there can now be more than one in usechange control and access control over this dataset are important parts of an effective security program. Ideally, such routines should use the same sort of logic as IBM's supervisor calls, making sure that the program issuing the supervisor call instruction should be permitted to do so.
For example, the supervisor call to open a file contains checks to make sure that the requesting program is authorized to open that specific file.About the Author.
Stuart Henderson is an experienced consultant and trainer who specializes in effective IT audits and computer security. He has helped hundreds of organizations make better use of security software such as RACF, ACF2, and TopSecret.
Jan 27, · Mainframe Introduction -Mainframe Cobol Tutorial Part 1 Tutorial shows the basic information about what is mainframe . Return to Catalog Home Return to Curriculum Listing z/OS Concepts and Components Duration. 5 hours. Overview. The z/OS Concepts and Components course describes the evolution of mainframe computing and provides descriptions of the major components that comprise today's z/OS environment.
Basics of Mainframe Mainframe computers are big machines used primarily by large organizations like banking, finance, stock market, insurace etc. for hosting critical applications to perform bulk processing. ETL testing guide for beginners, it covered all the topics of ETL testing and data warehouse concepts.
A Tutorial discussing some concepts related to mainframes, and a demonstration of how to connect to a mainframe using the QVT Term telnet application.