The Myth: Mainframes are Inherently Secure
There’s a myth, a meme perhaps, that mainframes don’t get hacked and mainframe security is guaranteed. When you go to the movies, you see Linux or UNIX systems being hacked. And now, we’re reading in the press about organized gangs and even foreign government Black Ops teams penetrating various organizations. In fact, the BBC was the victim of a Distributed Denial of Service (DDoS) attack on New Year’s Eve 2016 from a group called New World Hacking. Now it may not be too alarming when high profile organizations are attacked, but what if your financial institution or your airline were attacked? That would be very serious.
Mainframes have always been thought of as impenetrable because their networks used SNA, which was always quite arcane compared to other computer networks. Hackers and would-be hackers learned their ‘dark arts’ by poking around on platforms that had very little security and were very similar to each other. So, for the hackers, there was no need to learn about SNA. They were doing enough damage elsewhere.
The Reality: Mainframes are Vulnerable
But for mainframers, the world changed about 20 years ago when IP networks became part of the mainframe world. Hackers know their way around IP connections – and that gives them a way to penetrate the mainframe world.
But if mainframes did become vulnerable, why didn’t we hear about it? That’s probably because enterprises didn’t want to tell the world that their mission-critical applications and databases were not fully protected. Hackers probably wanted to keep their exploits secret as well, so that they could use their newly acquired skills again, elsewhere. And, sometimes, some sites simply never realized that they had been compromised.
Tightening up Mainframe Security Weaknesses
The trouble is that typical firewalls only secure IP traffic. They don’t understand SNA/APPN (Systems Network Architecture/Advanced Peer-to-Peer Networking) or Enterprise Extender (SNA/APPN traffic wrapped in IP packets). What you need is software that’s able to scan and report on your mainframe security risks; software that’s able to:
- Identify, analyze, and quantify network security exposure
- Correlate results with known violations and attacks
- Report on changes made by the VTAM Security Generator
- Recommend security solutions
Net’Q Net-Examine is an application that will analyze security risks in:
- Session profiles in security logs and performance profiles
- VTAM definitions, VTAMLST, VTAM tables
- PARMLIB definitions
- TCP/IP definitions
- Sysplex definitions
- RACF, ACF2, and TSS resource definitions
And Net’Q Net-Examine runs on z/OS, VM, and VSE systems; SNA, APPN, and IP environments; Enterprise Extender environments; mainframe security servers; and Windows-based workstations.
In the past 20 years, the amount of SNA used by mainframe sites has plummeted and the amount of IP traffic has massively increased. That doesn’t mean that there isn’t any SNA-based communication left – and what’s left likely uses the IP network with the kind of vulnerability issues mentioned above. There’s a saying that a chain is only as strong as its weakest link. The same is true with mainframe security. Your mainframe is only as secure as its weakest point. It makes sense to check whether your site is at risk from SNA traffic being sent over IP networks. It also makes sense to utilize the best mainframe security solutions before it’s too late.
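As a first check for SNA traffic crossing the IP network, the sketch below audits exported flow records for Enterprise Extender traffic that involves an endpoint outside an approved peer list. It is an added example, not code from this article or from Net’Q; the UDP port range 12000-12004 is the one defined for Enterprise Extender in RFC 2353, while the addresses, the approved subnet and the CSV flow format are constructed assumptions.

```python
import csv
import io
from ipaddress import ip_address, ip_network

# Enterprise Extender (RFC 2353) carries SNA/APPN HPR traffic in UDP datagrams
# on ports 12000-12004: one signaling port plus four transmission priorities.
EE_PORTS = {12000: "signaling", 12001: "network", 12002: "high",
            12003: "medium", 12004: "low"}

# Assumptions (constructed): the mainframe's EE address and the only subnet
# that is expected to exchange EE traffic with it.
MAINFRAME_ADDRS = {ip_address("10.10.1.5")}
APPROVED_EE_PEERS = [ip_network("10.20.0.0/24")]

# Constructed flow export (src,dst,proto,dport,bytes); not real traffic.
SAMPLE_FLOWS = """\
src,dst,proto,dport,bytes
10.20.0.14,10.10.1.5,udp,12000,1840
10.20.0.14,10.10.1.5,udp,12003,99120
192.0.2.77,10.10.1.5,udp,12001,412
10.30.4.9,10.10.1.5,tcp,23,5100
10.30.4.9,10.10.1.5,udp,12002,730
10.10.1.5,10.20.0.14,udp,12004,2200
"""

def is_approved(addr):
    """True if addr is the mainframe itself or inside an approved EE subnet."""
    return addr in MAINFRAME_ADDRS or any(addr in net for net in APPROVED_EE_PEERS)

def audit_ee_flows(flow_csv):
    """Return (number of EE flows seen, findings for unapproved EE endpoints)."""
    ee_total, findings = 0, []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        port = int(row["dport"])
        if row["proto"].lower() != "udp" or port not in EE_PORTS:
            continue  # not Enterprise Extender
        ee_total += 1
        # EE is connectionless UDP, so check both ends of every flow.
        for end in (ip_address(row["src"]), ip_address(row["dst"])):
            if not is_approved(end):
                findings.append({"peer": str(end), "port": port,
                                 "priority": EE_PORTS[port],
                                 "bytes": int(row["bytes"])})
    return ee_total, findings

if __name__ == "__main__":
    total, hits = audit_ee_flows(SAMPLE_FLOWS)
    print(f"{total} EE flows, {len(hits)} with an unapproved endpoint")
    for hit in hits:
        print(hit)
```

Any finding means SNA sessions are reachable from an address the VTAM and firewall definitions were not meant to allow, which is where a review of the Enterprise Extender definitions should start.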