SHARE in Seattle

16898: A Forensic Analysis of Security Events on System z, Without the Use of SMF Data

Monday, March 2, 2015: 1:45 PM-2:45 PM
Aspen (Level 2) (Sheraton Seattle)
Speaker: Brian Marshall(Vanguard Integrity Professionals)
Handouts
  • A Forensic Analysis of Security Events on System z, Without the Use of SMF Data (1.9 MB)
  • This session will be a mixture of lecture using slides and a real time demonstration of the power of Vanguard Offline to provide forensic capabilities to discover who accessed, or attempted access, which resource on System Z with RACF.  During the presentation the speaker will first disable SMF recording, then access resources where permissions both allow and deny the access attempt (again without SMF recording) and then show the audience the audit trail of those events.  

    The speaker will show the audience the RACF profiles that both allowed and denied the access, and modify them in real time to change the behavior of the system to prevent access that previously should have been denied, but was allowed. 

    If time permits, the speaker will show some of the other powerful reporting features of the product, such as how to identify every access request allowed via a Global Access Table, Universal Access or ID(*) in an access list.

    Tracks: Security and Compliance, Security in the Enterprise and z/OS Systems Programming
    Share |




    See more of Project: Security and Compliance
    See more of Program: Enterprise Data Center