Unix System Services Security

Objective

The objective of this service offering is to ensure that CA-ACF2 security is properly upgraded to secure the Unix System Services (USS) environment introduced within the OS/390 Operating System and to provide security training on this new environment.  The USS environment, also known as the OpenMVS or OMVS environment, is a mandatory Unix environment now activated on IBM mainframes. The USS environment activates mainframe TCP/IP networking and enables mainframe access by Internet/Intranet/web applications as well as by applications such as Telnet, Rlogin, LDAP, UUCP, DFS/NFS and FTP.  As a result, many mandatory mainframe security adjustments are required to accompany the introduction of OS/390.

Scope of Services

This service offering will be met through on-site activities covering four (4) days.  During the on-site visit the consultant(s) will conduct a review and audit all security administrations that have already been taken to support the USS environment. The consultant(s) will research and identify the latest IBM and CA support recommendations pertaining to security administration requirements and security software maintenance requirements.  The consultant(s) will enact any security administrative adjustments currently recommended by IBM and CA.  The consultant(s) will also advise in writing of any recommended security software maintenance adjustments.   Lastly, the consultant(s) will provide formal security overview training on the USS environment.  This training session typically lasts two hours and will be repeated once if desired.  The intended audience is Security, Unix and OS/390 Operating System Support staff.  In summary, the on-site activities will include:

1.       Ensure CA-ACF2 security for USS

q       Review/audit steps already taken

q       Research/Identify current CA and IBM recommendations regarding…

o      Recommended initial security administrative actions

o      Recommended security software maintenance levels

q       Formally advise of any recommended security software maintenance adjustments

q       Enact security administrative adjustments following IBM and CA recommendations:

o      Establish userids required to support USS (OMVS, BPXAS, FTP, TCPIP)

o      Establish Unix user segments for required initial users of the USS

q       If appropriate, establish Unix user-segment defaults for users or setup OMVS default

q        Establish Unix Groups for initial users

q       Establish USS resource security   (e.g. BPX FACILITY resource security)

q       Verify proper BPXIWRAC exec installation

 

2.       Provide formal overview training on USS security