zSecure 2.4 updates
Rob van Hoboken
zSecure [email protected]
Session 2AC
Licensed material © 2020 IBM Corporation
Please note
IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice and at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
Agenda
1. JCL
2. Db2
3. SSEs and how to find out more
4. DISA STIG automation
5. Using STIGs
6. zSecure Adapters for SIEM
7. zSecure Alert
JCL
Used in zSecure for:
zSecure Started Tasks
Production/job scheduler jobs
(Virtual) tape reporting and long running reports
Where:
STC JCL members in SCKRPROC
Samples in CKRJOBS (copied from SCKRSAMP)
Generated in ISPF with SUB or “Background run”
zSecure in batch jobs (1)
Easy to generate JCL from the standard zSecure ISPF panels:
//ZSECROBZ JOB ,CERTIFICATE-WARNING,TIME=1,MSGCLASS=Q,NOTIFY=&SYSUID
//*
//* Generated by zSecure Suite for ZSECROB on 20/10/30 16:07
//*
//*complex set
//* : Active primary RACF data base
//* : daily CKFREEZE
//*
//CKRCARLA EXEC PGM=CKRCARLA,REGION=64M,PARM='I DD=CKRSPROF'
//STEPLIB DD DISP=SHR,DSN=SYS1.CKR240.SCKRLOAD
//CKRCARLA DD DISP=SHR,DSN=SYS1.CKR240.SCKRCARL
//SYSPRINT DD SYSOUT=*
//CKREPORT DD SYSOUT=*
//CKRCMD DD SYSOUT=*
//CKR2PASS DD SYSOUT=*
//C2IOC0 DD DSN='SYSSEC.PRDA.RECENT0.CKFREEZE',
// DISP=SHR
//CKRCMD02 DD SYSOUT=*
//* Standard profile for zSecure Suite run
//CKRSPROF DD DATA,DLM='\/'
PRINT DD=CKREPORT
SUP MSG=(2225,2226,2844,2239);
IMBED MEMBER=CKRXDEF1 NOLIST
\/
//*
//SYSIN DD DATA,DLM='\/'
/* Active primary RACF data base */
alloc type=RACF primary active
/* daily CKFREEZE */
alloc type=CKFREEZE DD=C2IOC0
alloc type=CKRCMD DD=CKRCMD02
zSecure in batch jobs (2)
JCL has hard coded dsnames
Maybe with release number in qualifier
Excessive DDs
Inelegant allocation of input files
Two separate SYSIN streams
//ZSECROBZ JOB ,CERTIFICATE-WARNING,TIME=1,MSGCLASS=Q,NOTIFY=&SYSUID
//*
//* Generated by zSecure Suite for ZSECROB on 20/10/27 16:07
//*
//*complex set
//* : Active primary RACF data base
//* : daily CKFREEZE
//*
//CKRCARLA EXEC PGM=CKRCARLA,REGION=64M,PARM='I DD=CKRSPROF'
//STEPLIB DD DISP=SHR,DSN=SYS1.CKR240.SCKRLOAD
//CKRCARLA DD DISP=SHR,DSN=SYS1.CKR240.SCKRCARL
//SYSPRINT DD SYSOUT=*
//CKREPORT DD SYSOUT=*
//CKRCMD DD SYSOUT=*
//CKR2PASS DD SYSOUT=*
//C2IOC0 DD DSN='SYSSEC.PRDA.RECENT0.CKFREEZE',
// DISP=SHR
//CKRCMD02 DD SYSOUT=*
//* Standard profile for zSecure Suite run
//CKRSPROF DD DATA,DLM='\/'
PRINT DD=CKREPORT
SUP MSG=(2225,2226,2844,2239);
IMBED MEMBER=CKRXDEF1 NOLIST
\/
//*
//SYSIN DD DATA,DLM='\/'
/* Active primary RACF data base */
alloc type=RACF primary active
/* daily CKFREEZE */
alloc type=CKFREEZE DD=C2IOC0
alloc type=CKRCMD DD=CKRCMD02
zSecure in batch jobs (3)
JCLLIB tells MVS where to find C2R$PARM and C2RC members
Use a dsname without version/release numbers
C2RC catalogued procedure ships in SCKRPROC
C2RC includes C2R$PARM member from CKRPARM to find dsname prefixes
Use CONFIG=MY$PARM for other members
Input data sets can be allocated with ALLOC DSN= command, or using a DD statement and ALLOC DD=
Short and simple.
//ZSECROBZ JOB ,CERTIFICATE-WARNING,TIME=1,MSGCLASS=Q,NOTIFY=&SYSUID
//*
//JCLLIB JCLLIB ORDER=(SYS2.CKRPARM,
// SYS1.SCKRPROC)
//*
//STEP1 EXEC C2RC
//SYSIN DD DATA,DLM='\/'
/* Active primary RACF data base */
alloc type=RACF primary active
/* daily CKFREEZE */
alloc type=CKFREEZE DSN=SYSSEC.PRDA.RECENT0.CKFREEZE
N n=DIGTCR51 s=certdata,tt="RACF class ",st="Certificate with cert end between TODAY and TODAY+7",empty="No expiring certificates next week"
s c=digtcert s=certdata (certend>=TODAY and certend
zSecure Started Task JCL
According to Installation and Deployment manual:
Copy several members to a PROCLIB, from
CKRPARM(C2R$PARM)
SCKRPROC(C2POLICE)
SCKRPROC(C2PCOLL)
SCKRPROC(C2PAMON)
SCKRPROC(C2RC)
etc.
If needed, customize these members.
After PTFs or new release install:
compare with original members in SCKRPROC
Ensure C2R$PARM changes are applied to CKRPARM copy (for ISPF users) and to PROCLIB
Result:
Customer running zSecure 2.4.0 C2POLICE JCL still from initial install with 1.11.0
Missing LRECL override
Truncated messages
New version/release numbers applied to CKRPARM but not in PROCLIB: STCs and batch jobs use an older zSecure release
Use IEFJOBS data set
IEFJOBS data set is allocated in MSTRJCL:
//IEFJOBS DD DSN=SYS1.STCJOBS,DISP=SHR
Contains whole job image, including JOB cards, JCLLIB and SET commands
You can even use an STC name different from the PROC name, without changing SCKRPROC
Builds STC JCL after MVS START command, uses STARTED profile to set STC user ID
Alternative for SYS1.PROCLIB, when SCKRPROC is not part of PROCLIB/STCPROC concatenation
See Using IEFJOBS to define started tasks
SYS1.IEFJOBS(CKRCOLL)
//CKRCOLL JOB ,COLLECT-FOR-ALERTS,TIME=1,MEMLIMIT=NOLIMIT
//*
//JCLLIB JCLLIB ORDER=(SYS2.CKRPARM,
// SYS1.SCKRPROC)
//*
// INCLUDE MEMBER=C2R$PARM
// SET DPREF=CKRALERT.DATA
// SET SYS=&SYSNAME
//*
//CKRCOLL EXEC C2PCOLL,CONFIG=C2R$VOID,FOCUS='ALERT,AUDIT'
JCLLIB tells MVS where to find C2R$PARM and C2PCOLL members
CONFIG=C2R$VOID prevents overwriting JCL symbols DPREF and SYS inside the proc
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.4.0/com.ibm.zos.v2r4.ieae200/ieae20021.htm
Db2
Report about Db2 activity: EV.DSMF records (type 102) produced by Db2 AUDIT facility
Display (and analyze) Db2 regions: RE.D.R
Display Db2 tables + access controls: RE.D.TB
Combines internal (GRANT, ZPARM) and external (SAF)
Etc.
Real-time SMF records to SIEM (CKQRADAR, CKQCEF)
Monitor DB2 (region) settings and SMF records using zSecure Alert
Requires some handiwork to write a custom alert
Db2 status (changes)
SMF 102 IFCid 106
10 new DB2_ZPRM_xxx fields in SMF newlist
System parameters printed in RECORDDESC
Included in syslog messages to SIEM
2 fields in DB2_REGION newlist
DB2_ZPRM_REVOKE_DEP_PRIV
DB2_ZPRM_TCPALVER
(2020 Q2 SSE)
DB2 DBC2 SYSOPR Startup options db2auth extsec nosepsec notcpalver revokedep(SQL) noaudit stat(1,3:6) acct(1:3,7:8) nomonitor noglobal sysadm(SYSADM,JOESPROG) sysopr(USER1,USER2) secadm(IBMUSER,SYSADM) access(DSNX@XAC) authid(DSN3@ATH) signon(DSN3@SGN)
DB2_ACCESS newlist (1)
Field                   Description                    Len
ACF2_RULE_ENTRY         Complete rule entry            512
ACF2_RULE_SUBJECT_MASK  ACF2 rule subject mask          24
ACF2_RULE_SUBJECT_TYPE  ACF2 rule subject type           4
C                       SAF Resource class               8
CLASS                   SAF Resource class               8
COMPLEX                 Complex name                     8
DB2_OBJECT_DATABASE     Object database                128
DB2_OBJECT_NAME         Object name                    128
DB2_OBJECT_SCHEMA       Object schema                  128
DB2_OBJECT_TYPE         Object type                     16
DB2AUTH                 DB2 internal authority           3
DB2AUTH_GRANT           DB2 internal GRANT authority     3
DB2AUTH_GRANTEE         DB2 internal grantee           128
DB2AUTH_GRANTOR         DB2 internal grantor           128
DB2AUTH_HOWGOT          DB2 internal how got             1
DB2AUTH_TIMESTAMP       Grant timestamp                 15
DB2AUTH_TIMESTAMP_DB2   Grant timestamp                 19
DB2AUTH_USE             DB2 internal USE authority       3
DB2ID                   DB2 System identification        4
DB2ZPRM                 DB2 install (ZPRM) authority     3
GRANT                   Effective GRANT authority        3
ID                      Permit id or mapped authid       8
OBJECT_CLASS            Object class                     8
OBJECT_RESOURCE         Object resource name            39
PRIVILEGE               Privilege / action              17
RESOURCE                SAF Resource name               64
SAF_DEFINED             SAF protected object             3
SYSTEM                  System name                      8
USE                     Effective USE authority          3
USERID                  User id or grantee type          8
VER                     Version from ALLOC               4
WHEN_CLASS              When condition class             8
WHEN_CONDITION          When condition/object           44
Covers all Db2 object types
database, plan, table/view, userauth, zprm
Combines internal (DB2AUTH, DB2ZPRM)
DB2AUTH_GRANTEE, DB2AUTH_HOWGOT
and external (SAF_DEFINED)
CLASS, OBJECT_RESOURCE, USERID
One record for each ID, for each object, for each privilege
Sample CARLa: CKRDQDP
DB2_ACCESS newlist (2)
DB2I  Object name  Grantee   Privilege
DB1K  SYSCOLAUTH   DSNACPRU  SELECT
                   PUBLIC    SELECT
      SYSCOLDIST   DSNX7MON  SELECT
                   PUBLIC    DELETE SELECT UPDATE
                   RUNSTATS  SELECT
newlist type=db2_access,title="Db2 internal security GRANTs"
select db2_object_type=Table/View db2auth
sum db2id, * db2_object_name(32), * db2auth_grantee(12), * privilege count(nondispl)
or
select db2_object_type=Table/View,grantee=PUBLIC,privilegeSELECT
Write your own compliance test (intro)
DOMAIN dname SELECT(newlist type(field=value …))
RULE rname DOMAIN(dname) CAPTION('short desc') DESC('long desc') SET(sname)
TEST tname.1 type(field=value) DESC('description')
TEST tname.2 type(field=value) OTHERWISE(,
TEST tname.3a type(field=value) (2020 Q2 SSE)
TEST tname.3b type(field=value))
TEST tname.4 type(field=value) NONCOMPLIANT
TEST tname.5 type(field=value) N/A
ENDRULE
Example: Db2 (production) region privileges
domain db2_prod_sysadm_privilege,
  select(db2_access(db2id=P*, db2_object_type=userauth, privilege=sysadm)),
  desc('SYSADM privilege granted, permitted or ZPARM')
rule db2_prod_sysadm_privilege, domain(db2_prod_sysadm_privilege),
  caption('SYSADM priv'), desc('SYSADM should be tightly controlled')
  test approved_SYSADM, db2_access(id=(SYSDBADM,PRODDBA)),
    desc('Unverified SYSADM privilege')
endrule
Example: Db2 access to RACF defined user/group only via SAF
domain db2_table_privs, select(db2_access(db2_object_type='table/view'))
rule db2_access_not_via_grant, domain(db2_table_privs),
  desc('Security should be via external (SAF) rules')
  test GRANT_used,
    db2_access(userid=(, -other-, -undef-, -pkg-, -plan-, -public-, -pubrmt-, -role-, -rvkdep-)),
    desc('Internal security (GRANT) used to an internal id'), otherwise(,
  test EXTERNAL db2_access(saf_defined) otherwise(,
  test INTERNAL db2_access(userid" ") noncompliant,
    desc('Internal security (GRANT) used to a RACF user or GROUP')))
endrule
SSE = Service Stream Enhancement
zSecure’s take on Continuous Delivery.
Planned packaging frequency is roughly quarterly.
Also separate APARs for urgent fixes or RFEs.
SSE has an APAR number, ships as one or more big PTFs
For zSecure 2.4.0:
2019 Q4: OA58799 OA58801 OA58802 OA58804
2020 Q1: OA59004 OA59006
2020 Q2: OA59807 OA59823 OA59861 OA59862
2020 Q4: OA60419 OA60420
Read slide 2 again
New functionality, round-up of fixes.
APARs for:
– CARLa engine and ISPF application
– ACF2 special features
– zSecure Client for CICS
– zSecure Command Verifier
How to find out about SSEs
IBM Security Z Security Group
On IBM Communities
Blogs section
Search the IBM Support pages
Follow links on the zSecure home page
zSecure today or Technotes: zSecure V2.4.0 documentation updates
Subscribe to product notifications in My Support
Did you know about the Knowledge Center?
https://community.ibm.com/community/user/security/communities/community-home?communitykey=44eb7c0d-9bc2-419b-9158-ad693e734065&tab=groupdetails
https://community.ibm.com/community/user/security/communities/community-home/recent-community-blogs?communitykey=44eb7c0d-9bc2-419b-9158-ad693e734065&tab=recentcommunityblogsdashboard
https://www.ibm.com/support/pages/ibmsearch?q=zsecure%20sse
https://community.ibm.com/community/user/security/blogs/jeroen-tiggelman/2018/11/09/ibm-security-zsecure-today
https://www.ibm.com/support/pages/node/1075515
https://www.ibm.com/systems/support/myview/subscription/css.wss/?locale=en_ZZ
https://www.ibm.com/mysupport/s/
https://www.ibm.com/support/knowledgecenter/SS2RWS_2.4.0/com.ibm.zsecure.doc_2.4.0/welcome.html
DISA STIG automation
Focus for development team in zSecure 2.4
zSecure Collect reads and parses selected members from PARMLIB (2020 Q2 SSE)
In addition to z/OS control blocks
zSecure Collect reads z/OS UNIX files to evaluate UNIX services (2020 Q4 SSE)
SENSTYPE values ending in _ for installation specified dsnames and module names
Many more STIG controls and more automated evaluations
2020 Q2 SSE find unusable data sets in MVS PARMLIB
Parse LPALSTxx, LNKLSTxx, IEALPAxx, IEAFIXxx, and PROGxx members selected by IPL parms, and new sensitivity types to automate AAMV0325 and AAMV0350:
LPAnoDS / LPAnoMC / LPAnoMnt / LPAnoVar returned for LPALSTxx inaccessible data sets
LPAnoDS / LPAnoMC / LPAnoMnt / LPAnoVar returned for IEALPAxx inaccessible data sets
LPAnoDS / LPAnoMC / LPAnoMnt / LPAnoVar returned for IEAFIXxx inaccessible data sets
LPAnoDS / LPAnoCat / LPAnoMnt / LPAnoVar returned for PROGxx LPA statement inaccessible data sets
EXITnoDS / EXITnoCat / EXITnoMnt / EXITnoVar returned for PROGxx EXIT statement inaccessible data sets
LNKnoDS / LNKnoMC / LNKnoMnt / LNKnoVar returned for LNKLSTxx inaccessible data sets but only if there is no LNK(LST) ACTIVATE in PROGxx
LNKnoDS / LNKnoCat / LNKnoMnt / LNKnoVar returned for PROGxx LNK statement inaccessible data sets
noDS – Data set not in VTOC / noMC – Must be in master catalog but is not / noMnt – volume not mounted / noVar – variable name but not resolved
Configurable sensitivity types
Documented in Appendix of CARLa syntax manual
ending in _
dsnames that can’t be determined automatically
SIMULATE CLASS=DATASET,SENSTYPE=SDSFinst_,RESOURCE=SYSPROG.BUILD.SDSF.**
ASSERT AS(CONFIG) CLASS(DATASET),SENSTYPE(SMFdmp_bkp_),RESOURCE(SMF.DAILY.**),VERSION(1)
Use in control members ACPCNFG, FTPCNFG
or use AU.R.C, option Configuration of resource names
See “Preparation for CKACUST members” in URM
Using STIGs
Run evaluation, process “non compliant” results:
Look at test results to determine the applicable approve config members
Add user IDs and groups into named config member in CKACUST
Override test
If you disagree with a test, you can override the test decision:
Use O line command on the test:
Override for this resource (data set) is saved in ASSERT output file for future runs
Each resource (data set) needs a separate O action
OVERRIDE command
You can also use the OVERRIDE CARLa command
OVERRIDE TEST(1f.UACC_NONE),RULE_SET(ACP00110),AS(COMPLIANT) BY('Audit compliance manager'),ENDDATE(2021-12-31) VERSION(1)
Applies to any data set covered by this rule set
Or add RESOURCE(USER.LINKLIB) for more granularity (repeat for each applicable data set)
Execute OVERRIDE commands once with ASSERT file allocated
saved for future use
report using AU.R.H “History log”
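Because overrides are saved and reapplied on later runs, a periodic review of who approved what, for which scope, and until when is useful. The sketch below is an added example, not part of the slides or of zSecure: it parses OVERRIDE commands using only the keywords shown on these slides and assumes ENDDATE is written as yyyy-mm-dd, as in the command above. The third command and the review date are constructed.

```python
import re
from datetime import date

# KEYWORD(value) pairs; a value is either quoted text or text without parentheses.
KEYWORD = re.compile(r"([A-Z_]+)\(\s*('[^']*'|[^()']*?)\s*\)", re.I)


def parse_override(command):
    """Split one OVERRIDE command into a {KEYWORD: value} dict."""
    verb, _, rest = command.strip().partition(" ")
    if verb.upper() != "OVERRIDE":
        raise ValueError(f"not an OVERRIDE command: {command!r}")
    return {key.upper(): value.strip("'") for key, value in KEYWORD.findall(rest)}


def review_overrides(commands, today):
    """Return (rule_set, test, scope, approver, status) per override so that
    open-ended approvals and passed end dates stand out in a review."""
    rows = []
    for command in commands:
        o = parse_override(command)
        end = o.get("ENDDATE")
        if end is None:
            status = "no end date"
        elif date.fromisoformat(end) < today:
            status = f"end date {end} has passed"
        else:
            status = f"approved until {end}"
        rows.append((o.get("RULE_SET"), o.get("TEST"),
                     o.get("RESOURCE", "whole rule set"), o.get("BY"), status))
    return rows


OVERRIDES = [
    # The two OVERRIDE commands shown on the slides.
    "OVERRIDE TEST(1f.UACC_NONE),RULE_SET(ACP00110),AS(COMPLIANT) "
    "BY('Audit compliance manager'),ENDDATE(2021-12-31) VERSION(1)",
    "OVERRIDE TEST(1.interval_le_60),RULE_SET(RACF0580) VERSION(1),AS(COMPLIANT) "
    "BY('Audit compliance manager'),COMMENT('90 day password interval approved')",
    # Constructed variant narrowed to one data set with RESOURCE().
    "OVERRIDE TEST(1f.UACC_NONE),RULE_SET(ACP00110),RESOURCE(USER.LINKLIB),"
    "AS(COMPLIANT) BY('Audit compliance manager'),ENDDATE(2022-06-30) VERSION(1)",
]

if __name__ == "__main__":
    # Constructed review date.
    for row in review_overrides(OVERRIDES, today=date(2022, 1, 15)):
        print(*row, sep=" | ")
```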
Replace test
If you do not use ASSERT files:
Add to CKACUST(C2RG@IDF)
or to member imbedded from C2RG@IDF
OVERRIDE TEST(1.interval_le_60),RULE_SET(RACF0580) VERSION(1),AS(COMPLIANT) BY('Audit compliance manager'),COMMENT('90 day password interval approved')
Add to CKACUST(CKAG@INS):
imbed m=MYAGR580 /* password interval 90 */
Replace test
Add member CKACUST(MYAGR580):
imbed m=ckagr580 nodup
RULE MY_RACF0580_interactive_users,DOMAIN(RACF_interactive_userids), SET(RACF0580)
TEST 1.interval_le_90,racf(PASSINT_EFFECTIVE
Heads up
2020 Q4 SSE
Approve list for certificate labels, GLOBAL profiles
Does not fit in 72 positions
New data set CKACUSV (variable length)
2 new SMPE target data sets
SCKACUST (FB: empty approve list members)
SCKACUSV (VB: empty members)
CKAZCUST job no longer used to copy (new) empty members into CKACUST
CKAZSITE job to allocate (one time) the site CKACUST/CKACUSV data sets
Check your JCL if you run STIG reports in batch:
//ZSECROBT JOB ,ROB,MSGCLASS=Q,NOTIFY=&SYSUID
//*
//CKRCARLA EXEC PGM=CKRCARLA,MEMLIMIT=NOLIMIT
//STEPLIB DD DISP=SHR,DSN=SYS1.CKR240.SCKRLOAD
//CKRCARLA DD DISP=SHR,DSN=ZSECROB.WORK.CKACUST
// DD DISP=SHR,DSN=ZSECROB.WORK.CARLA
// DD DISP=SHR,DSN=ZSEC.TEAM.CKACUST
// DD DISP=SHR,DSN=SYS1.CKR240.SCKACUST
// DD DISP=SHR,DSN=SYS1.CKR240.SCKRCARL
//CKA@CUST DD DISP=SHR,DSN=ZSECROB.WORK.CKACUST
// DD DISP=SHR,DSN=ZSEC.TEAM.CKACUST
// DD DISP=SHR,DSN=SYS1.CKR240.SCKACUST
//CKA@CUSV DD DISP=SHR,DSN=ZSEC.TEAM.CKACUSV
// DD DISP=SHR,DSN=SYS1.CKR240.SCKACUSV
//SYSPRINT DD SYSOUT=*
//CKREPORT DD SYSOUT=*
//CKRCMD DD SYSOUT=*
//CKR2PASS DD SYSOUT=*
Adapters for SIEM
Translate SMF records into structured syslog messages
40+ SMF record types supported out of the box
LEEF formatted for consumption by QRadar and Splunk
CEF formatted for transmission to ArcSight
Also included with zSecure Audit
Real-time STC or batch job based
Using UDP (send and forget) or TCP (connection based)
TCP connect reliability
PTFs for APAR OA58509
Adds high availability support for TCP connections:
If primary node does not respond, send message to alternate node
Add keep alive messages:
Designed to keep path through firewall alive
Check member CKQSPECL for syntax clues
Destination QRadarHA, primary=MY.QRADAR.BOX, alternate=MY.FALLBACK.QRADAR.BOX
Option syslogtcp=QRadarHA
Option tcp_keepalive_interval=240 /* seconds */
zSecure Alert
Support for the TCP Keep Alive option via SE.A.A – E line command
PTFs and SSEs
Be sure to read the documentation updates on Support Pages
Please submit your session feedback!
Do it online at http://conferences.gse.org.uk/2020/feedback/2AC
This session is 2AC
Thank you
https://www.ibm.com/security/mainframe-security/zsecure
https://www.ibm.com/us-en/marketplace/ibm-multifactor-authentication-for-zos
https://community.ibm.com/community/user/security/communities/zsecurity