Computer Security - Racf, db2, trusted computing 

A global bank with a mainframe computer has enormous security risks.  The grandma in Boca Raton with an internet connection has risks too.  Little people – little problems.  Big people – big problems.  But a problem is still a problem.  At IBM Press we just published our third book on security.  I am suprised we didn’t have more books on this topic before 2007  – but am thrilled with the books we now have in the marketplace. 

I recently had a comment on this blog that I did not provide enough information about a particular book – so from on – I will include the Table of Contents or books description.  Hope that helps.

Here’s our three security books:

 Understanding DB2 9 Security by Rebecca Bond, Kein Yeung-Kuen See, Carmen Ka Man Wong, Yuk-Keun Henry Chan

  • Establishing effective security processes, teams, plans, and policies
  • Implementing identification and authentication controls, your first lines of defense
  • DB2 in Windows environments: managing the unique risks, leveraging the unique opportunities
  • Using the new Label Based Access Control (LBAC) of DB2 9 to gain finer-grained control over data protection
  • Encrypting DB2 connections, data “in flight,” and data on disk: step-by-step guidance
  • Auditing and intrusion detection: crucial technical implementation details
  • Using SSH to secure machine-to-machine communication in DB2 9 multi-partitioned environments
  • Staying current with the latest DB2 security patches and fixes

Ori Pomerants, Barbara Vander Weele, Mark Nelson, Tim Hahn

Chapter 1 Introduction to the Mainframe 1

1.1 Why Use a Mainframe? 1

1.2 Getting Started 4

1.3 Job Control Language (JCL) 7

1.4 z/OS UNIX System Services 19

1.5 Getting Help 22

1.6 Additional Information 25


Chapter 2 Users and Groups 27

2.1 Creating a User 27

2.2 How to Modify a User for OMVS Access 31

2.3 Groups 36

2.4 zSecure 42

2.5 Additional Information 43


Chapter 3 Protecting Data Sets and Other Resources 45

3.1 Protecting Data Sets 45

3.2 Other Resources 57

3.3 Security Data (Levels, Categories, and Labels) 64

3.4 Securing UNIX System Services (USS) Files 68

3.5 zSecure 70

3.6 Additional Information 71


Chapter 4 Logging 73

4.1 Configuring Logging 73

4.2 Generating Reports 82

4.3 UNIX System Services (USS) Logging 91

4.4 Logging in zSecure 95

4.5 Additional Information 97


Chapter 5 Auditing 99

5.1 Auditing 99

5.2 The RACF Data Security Monitor (DSMON) 100

5.3 The Set RACF Options (SETROPTS) Command 108

5.4 The RACF Database Unload Utility (IRRDBU00) 110

5.5 The RACF Health Checks 114

5.6 zSecure Auditing 118

5.7 Additional Information 120


Chapter 6 Limited-Authority RACF Administrators 121

6.1 Profiles Owned by Users 121

6.2 Group-Owned Profiles and Group Authorities 122

6.3 System-Level Authorities 128

6.4 Manipulating Users 129

6.5 Additional Information 133


Chapter 7 Mainframes in the Enterprise-Wide Security Infrastructure 135

7.1 What Is an Enterprise? 136

7.2 Enterprise Security Administration 144

7.3 Communicating between Enterprises–and Beyond 148

7.4 Additional Information 149


A Practical Guide to Trusted Computing by David Challener, Kent Yoder, Ryan Catherman, David Safford, Leendert Van Doorn


Coverage includes

  • What services and capabilities are provided by TPMs
  • TPM device drivers: solutions for code running in BIOS, TSS stacks for new operating systems, and memory-constrained environments
  • Using TPM to enhance the security of a PC’s boot sequence
  • Key management, in depth: key creation, storage, loading, migration, use, symmetric keys, and much more
  • Linking PKCS#11 and TSS stacks to support applications with middleware services
  • What you need to know about TPM and privacy–including how to avoid privacy problems
  • Moving from TSS 1.1 to the new TSS 1.2 standard
  • TPM and TSS command references and a complete function library