It's hard to be very specific on what little information you gave. I have done a lot of work on IBM mainframes in the past. From a general point of view if the IBM systems involve dumb 3270 type devices running on their propritary VTAM network then the area's of data access controls for none RDBMS (flat, VSAM, IMS, etc) via their security software (RACF, ACF2, etc.) and database access controls for RDBMS such as DB2's DCL (Data Control Language) are key areas. You didn't mention what communications regions were involved like CICS, IMS, TSO, etc. so its are to know exactly what your up against. Also keep in mind that most likely they are also a COBOL shop and that language is as vulnerable to buffer overruns as any other. The big difference in an IBM Mainframe is that the OS is much more protected than other platforms due to its architecture. But it is just a computer and like any other, the general server stuff would apply as it would like dial-ups, default accounts, weak passwords, backups, change control, etc. Sorry I don't have a lot of links or other areas to point you too. Bob Mahan Network Security Operations Phone: (847) 571-5525 mailto:bmahanat_private http://www.nsoco.com > -----Original Message----- > From: Nick Jacobsen [mailto:nickat_private] > Sent: Tuesday, January 28, 2003 7:24 AM > To: pen-testat_private > Subject: z/OS, OS/390 Pen testing tips/ideas/papers? > > > Hi all, > One of my clients has an IBM OS/390 running on one of > their networks I am doing some security testing on, and > considering I really have not dealt with any IBM mainframes > before when it comes to security, I was hoping that some of > you might be able to point me the right direction. Anything > would be helpful, but especially from a penetration viewpoint. > > Thank You, > Nick Jacobsen > Ethics Design > nickat_private > > > -------------------------------------------------------------- > -------------- > This list is provided by the SecurityFocus Security > Intelligence Alert (SIA) Service. For more information on > SecurityFocus' SIA service which automatically alerts you to > the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 12:39:06 PST