Most massive financial institutions rely on the IBM Mainframe platform for their day-to-day business. Without this critical platform, those businesses would cease to function. At the heart of securing any system, no less the venerable IBM mainframe, are the authentication methods used to verify users. We will examine the various password storage options for IBM's RACF (Resource Access Control Facility) as implemented in z/OS.
Could a breach of your mainframe lead to a breach of the rest of your network? If you synchronize passwords and use one of the legacy algorithms for RACF, the answer may be: yes!
Depending on how your z/OS system is configured, the passwords may be stored using algorithms ranging from what basically amounts to cleartext, all the way up to world-class password encryption. Did you know the mainframe supports long passphrases, Multi-Factor Authentication and can also generate passtickets? If your enterprise uses RACF to secure its mainframe, you should register.
This talk is geared for technical decision makers, mainframe security personnel that want to learn more, or anyone with an interest in how z/OS stores its passwords / passtickets. You will learn how RACF stores its password information; the different types of password storage algorithms — with weaknesses / strengths in each - and also how to implement passtickets properly to avoid compromise.
Chad Rikansrud is the Director of North American Operations for RSM Partners (www.rsmpartners.com) - a world leader in IBM mainframe security consulting services. Most of Chad's 20-year career has been in technology leadership for the financial services industry.
David Balcar, Security Strategist at Carbon Black, has over 18 years' experience in conducting Security Research, Network Penetration testing, Incident Response and Computer Forensics. David is a regular presenter on subjects including security trends, penetration testing, top threats and network security hardening.