RACF and Common CICS Security
WinHEC 2005 Update - April 20, 2005
Abstract
This paper provides an understanding of how the security provided by the Microsoft® Windows® Server™ System, and in particular the Windows Server 2003 operating system, compares with the security available from IBM Resource Access Control Facility (RACF) and its third-party alternatives, and how it is commonly used in IBM Customer Information Control System (CICS) Transaction Server. Both products are designed for IBM's mainframe z/OS operating systems, and its predecessors, such as OS/390.
This information applies for the following operating systems:
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
It also applies for the following Windows Server System products:
Microsoft SQL Server™ 2000
Microsoft Windows Host Integration Server (HIS) 2004
General information on security in the Windows Server operating system can be found at
The current version of this paper is maintained on the Web at
Contents
Introduction
Purpose and Audience
What Is CICS?
Terminal Connections to z/OS Terminal Applications
CICS Terminal Screen Choice-based Access Control
Security in MVS and z/OS
Terminal Unit-Based Identification
Preset Terminal-Based Security
Individual User Identification to CICS and Windows Server
Transaction and Program Access Control
Data Access Control
Data Access Control with RACF and DB2 on a Mainframe
Data Access Control in the Windows Server System and SQL Server
Batch Applications: Program Access Control
What CICS Does Not Protect
Protection and Security of CICS
CICS and Windows Server Security Summary Comparison
Conclusion and Next Steps
Terminology
Resources
Disclaimer
This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2005 Microsoft Corporation. All rights reserved.
Active Directory, Microsoft, MSDN, MS-DOS, Win32, Windows, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Introduction
This is a discussion of how Resource Access Control Facility (RACF) security works in a typical IBM Mainframe MVS (z/OS) CICS system today, as it is generally used in most production shops, and the comparable security for programs running under the transaction monitor services of Microsoft® Windows® Server™ 2003. The information is largely the same for other popular mainframe security products, such as ACF2 and Top Secret from Computer Associates.
Purpose and Audience
This paper is written for IBM Mainframe systems programmers, architects, and other mainframe professionals who are familiar with RACF- or ACF2-based security with CICS on MVS and z/OS, but who are not comparably familiar with security in Windows Server 2003.
Many users formed their initial impressions of Windows security from personal experience with desktop Microsoft Windows 3.x or Windows 95/98. These were not secure operating environments. Even those who use Windows XP often run "wide open" with full administrative privileges for all users, and are therefore not aware of the "lockdown" capabilities available in the Windows Server and desktop operating systems, and may never have used or become familiar with the security capabilities in Internet Information Services (IIS)-based transaction processing, Microsoft SQL Server™ database access, and other areas. This paper may help readers understand why, even on home computer Windows XP systems, they should be logged on with User IDs that do not have administrative privileges.
Because the audience for this paper is current mainframe professionals, familiarity with mainframe-specific terminology is assumed. For more information on some of the terms used in this paper, see the "Terminology" section in this paper.
What Is CICS?
This section is provided for readers who do not know CICS. If you are an experienced mainframe professional, you can skip this section.
CICS (originally Customer Information Control System) is a teleprocessing application monitor or "app-server" originally intended to:
∙ Accept transaction input from terminals.
∙ Process those "transactions" by calling the appropriate application program based upon a transaction code included in the terminal input.
∙ Provide API services to those called programs (using EXEC CICS calls).
∙ Send "responses" back to the originating terminal.
Today CICS also accepts program-to-program "calls" over the network (from CICS programs and other sources, including Microsoft's Host Integration Server (currently HIS 2004)) and routes them to the appropriate CICS program. This falls within a general network program calling category called APPC (Application Program to Program Communication). Today CICS supports the popular IBM host programming models. The ability to expose an XML Web Services interface has recently been added.
The function of CICS is comparable to a Windows IIS server: taking input messages from the IP network and routing them to the appropriate Internet Server application programs, calling those programs with a particular set of conventions, and exposing callback APIs for use by the called program via the Internet Server API (ISAPI).
Terminal Connections to z/OS Terminal Applications
Historically, circa 1980, Virtual Telecommunications Access Method (VTAM) introduced the ability to dynamically "connect" SNA terminals to running VTAM applications, of which CICS became an example. SNA is IBM's System Network Architecture, which was in broad usage at that time. This created the need for individual user identification and authorization. With the advent of security facilities such as RACF, individual user-based identification and authorization became possible. When using a Windows workstation as a mainframe client, it is best if the Windows domain credential identity of the user logged on to the client workstation is passed through to a mainframe logon. This ideal single sign-on is sometimes achieved. More commonly a separate mainframe logon is required, which may be manual or carried out automatically by a front-end program that sits between the user and the mainframe terminal screen image, which is then hidden from the user and held in the front-end application program's memory.
∙ There can be more than one CICS running on the same MVS system. Several instances of CICS can run the same or different applications for different groups of users.
∙ The IMS Transaction Monitor (IMS/TM, formerly IMS/DC) and the MVS Time Sharing Option (TSO) are examples of other VTAM applications.
CICS Terminal Screen Choice-based Access Control
CICS applications commonly control which transactions are available, at the current terminal location or to the identified logged-on user, by presenting a menu containing choices for only those transactions which the user is authorized to use. The starting "default" CICS application program typically displays a menu of options (transactions) available to the user, for example:
a. Account Balance inquiry.
b. Account Address change.
c. Account Name Change.
d. Open new account for existing customer.
e. Open new account for new customer.
f. Close customer account.
g. Close customer's last account.
Each of the above options represents a different transaction which may or may not be processed by its own unique program.
This method has been used as an assumed form of "role-based security," with the assumption that the menu of options ensures that only the appropriate person (teller versus supervisor) could execute a given transaction and perform actions that might be read-only or an update to stored information.
Security in MVS and z/OS
Note that neither z/OS nor the MVS family of operating systems provides security as part of the operating system. They rely on External Security Managers (ESMs) to provide security. When the operating system receives a request, that request is diverted by the Security Authorization Facility (SAF) within z/OS to an ESM. SAF directs control to either or both:
∙ An ESM such as RACF or ACF2.
∙ An organization-supplied processing routine.
RACF from IBM is the most commonly used ESM. Others are ACF2 and Top Secret, both currently available from Computer Associates.
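As an added illustration (not code from the paper or from IBM), the following constructed Python model contrasts the menu-based scheme of the previous section with a decision made at transaction dispatch by an ESM reached through SAF, including the optional organization-supplied routine described here. The transaction ids, groups, menus and profiles are invented; the profile shape is loosely modelled on a RACF resource profile with an access list and a UACC, and the "organization routine" is a plain callback.

```python
"""Constructed model of CICS transaction authorization made by an ESM
reached through SAF. Groups, tranids, menus and profiles are invented
for illustration; nothing here is real CICS or RACF code."""
from dataclasses import dataclass, field
from typing import Callable, Optional

# Menu letters from the paper's example mapped to constructed tranids.
MENU = {"a": "BALQ", "b": "ADDR", "f": "CLOS"}
# What each role's starting menu displays (the menu-based scheme).
MENU_BY_ROLE = {"TELLER": "ab", "SUPERVISOR": "abf"}

@dataclass
class Profile:
    """RACF-style resource profile: access list by group, plus UACC."""
    access: dict = field(default_factory=dict)  # group -> access level
    uacc: str = "NONE"                           # universal access

# Constructed profiles protecting each tranid.
PROFILES = {
    "BALQ": Profile({"TELLERS": "READ", "SUPERS": "READ"}),
    "ADDR": Profile({"TELLERS": "UPDATE", "SUPERS": "UPDATE"}),
    "CLOS": Profile({"SUPERS": "UPDATE"}),
}

def esm_check(groups: list, tranid: str) -> bool:
    """ESM decision: the profile must list one of the user's groups or
    carry a UACC other than NONE; a missing profile fails closed."""
    prof = PROFILES.get(tranid)
    if prof is None:
        return False
    if prof.uacc != "NONE":
        return True
    return any(g in prof.access for g in groups)

def saf_route(groups: list, tranid: str,
              org_exit: Optional[Callable[[list, str], bool]] = None) -> bool:
    """SAF-like router: ask the ESM, then an optional organization-supplied
    routine, which in this model may only further restrict the answer."""
    allowed = esm_check(groups, tranid)
    if allowed and org_exit is not None:
        allowed = org_exit(groups, tranid)
    return allowed

def dispatch(role: str, groups: list, tranid: str) -> str:
    """Decide at dispatch time, independently of what the menu displayed."""
    shown = tranid in {MENU[c] for c in MENU_BY_ROLE[role]}
    verdict = "RUN" if saf_route(groups, tranid) else "DENIED"
    return f"{verdict} {tranid} menu_showed={shown}"
```

The point the model makes is that `dispatch` reaches the same answer whether or not the menu displayed the option, because the ESM profile, not the menu, is what gates the transaction.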
As originally