RACFCICS.docx

RACFCICS.docx

《RACFCICS.docx》由会员分享，可在线阅读，更多相关《RACFCICS.docx（18页珍藏版）》请在冰豆网上搜索。

RACFCICS

RACFandCommonCICSSecurity

WinHEC2005Update-April20,2005

Abstract

ThispaperprovidesanunderstandingofhowthesecurityprovidedbytheMicrosoft®Windows®Server™System,andinparticulartheWindowsServer2003operatingsystem,compareswiththesecurityavailablefromIBMResourceAccessControlFacility（RACF）anditsthird-partyalternatives,andhowitiscommonlyusedinIBMCustomerInformationControlSystem（CICS）TransactionServer.BothproductsaredesignedforIBM’smainframez/OSoperatingsystems,anditspredecessors,suchasOS/390.

Thisinformationappliesforthefollowingoperatingsystems:

MicrosoftWindowsServer2003

MicrosoftWindowsXP

MicrosoftWindows2000

ItalsoappliesforthefollowingWindowsServerSystemproducts:

MicrosoftSQLServer™2000

MicrosoftWindowsHostIntegrationServer（HIS）2004

GeneralinformationonsecurityintheWindowsServeroperatingsystemcanbefoundat

ThecurrentversionofthispaperismaintainedontheWebat

Contents

Introduction3

PurposeandAudience3

WhatIsCICS?

3

TerminalConnectionstoz/OSTerminalApplications3

CICSTerminalScreenChoice-basedAccessControl4

SecurityinMVSandz/OS4

TerminalUnit-BasedIdentification5

PresetTerminal-BasedSecurity5

IndividualUserIdentificationtoCICSandWindowsServer5

TransactionandProgramAccessControl6

DataAccessControl7

DataAccessControlwithRACFandDB2onaMainframe7

DataAccessControlintheWindowsServerSystemandSQLServer7

BatchApplications:

ProgramAccessControl8

WhatCICSDoesNotProtect9

ProtectionandSecurityofCICS9

CICSandWindowsServerSecuritySummaryComparison9

ConclusionandNextSteps10

Terminology11

Resources11

Disclaimer

Thisisapreliminarydocumentandmaybechangedsubstantiallypriortofinalcommercialreleaseofthesoftwaredescribedherein.

TheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.

ThisWhitePaperisforinformationalpurposesonly.MICROSOFTMAKESNOWARRANTIES,EXPRESS,IMPLIEDORSTATUTORY,ASTOTHEINFORMATIONINTHISDOCUMENT.

Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans（electronic,mechanical,photocopying,recording,orotherwise）,orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.

Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.

©2005MicrosoftCorporation.Allrightsreserved.

ActiveDirectory,Microsoft,MSDN,MS-DOS,Win32,Windows,WindowsNT,andWindowsServerareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.

Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.

Introduction

ThisisadiscussionofhowResourceAccessControlFacility（RACF）securityworksinatypicalIBMMainframeMVS（z/OS）CICSsystemtodayasitisgenerallyusedinmostproductionshopsandthecomparablesecurityforprogramsrunningunderthetransactionmonitorservicesofMicrosoft®Windows®Server™2003.Theinformationislargelythesameforotherpopularmainframesecurityproducts,suchasACF2andTopSecretfromComputerAssociates.

PurposeandAudience

ThispaperiswrittenforIBMMainframesystemsprogrammers,architects,andothermainframeprofessionalswhoarefamiliarwithRACF-orACF2-basedsecuritywithCICSonMVSandz/OS,butwhoarenotcomparablyfamiliarwithsecurityinWindowsServer2003.

ManyusersformedtheirinitialimpressionsofWindowssecurityfrompersonalexperiencewithdesktopMicrosoftWindows3.xorWindows95/98.Thesewerenotsecureoperatingenvironments.EventhosewhouseWindowsXPoftenrun“wideopen”withfulladministrativeprivilegesforallusers,andarethereforenotawareofthe“lockdown”capabilitiesavailableintheWindowsServeranddesktopoperatingsystem,andmayneverhaveusedorbecomefamiliarwiththesecuritycapabilitiesinInternetInformationServices（IIS）-basedtransactionprocessing,MicrosoftSQLServer™databaseaccess,andothersareas.Thispapermayhelpreadersunderstandwhy,evenonhomecomputerWindowsXPsystems,theyshouldbeloggedonwithUserIDsthatdonothaveadministrativeprivileges.

Becausetheaudienceforthispaperiscurrentmainframeprofessionals,familiaritywithmainframe-specificterminologyisassumed.Formoreinformationonsomeofthetermsusedinthispaper,seethe“Terminology”sectioninthispaper.

WhatIsCICS?

ThissectionisprovidedforreadersthatdonotknowCICS.Ifyouareanexperiencedmainframeprofessional,youcanskipthissection.

CICS（originallyCustomerInformationControlSystem）isateleprocessingapplicationmonitoror“app-server”originallyintendedto:

∙Accepttransactioninputfromterminals.

∙Processthose“transactions”bycallingtheappropriateapplicationprogrambaseduponatransactioncodeincludedintheterminalinput.

∙ProvideAPIservicestothosecalledprograms（usingEXECCICScalls）.

∙Send“responses”backtotheoriginatingterminal.

TodayCICSalsoacceptsprogram-to-program“calls”overthenetwork（fromCICSprogramsandothersources,includingMicrosoft’sHostIntegrationServer（currentlyHIS2004））androutesthemtotheappropriateCICSprogram.ThisfallswithinageneralnetworkprogramcallingcategorycalledAPPC（ApplicationProgramtoProgramCommunication）.TodayCICSsupportsthepopularIBMhostprogrammingmodels.TheabilitytoexposeanXMLWebServicesinterfacethathasrecentlybeenadded.

ThefunctionofCICSiscomparabletoaWindowsIISserver:

takinginputmessagesfromtheIPnetworkandroutingthemtotheappropriateInternetServerapplicationprograms,callingthoseprogramswithaparticularsetofconventions,andexposingcallbackAPIsforusebythecalledprogramviatheInternetServerAPI（ISAPI）.

TerminalConnectionstoz/OSTerminalApplications

Historically,circa1980,VirtualTelecommunicationsAccessMethod（VTAM）introducedtheabilitytodynamically“connect”SNAterminalstorunningVTAMapplications,ofwhichCICSbecameanexample.SNAisIBM’sSystemNetworkArchitecturewhichwasinbroadusageatthattime.Thiscreatedtheneedforindividualuseridentificationandauthorization.WiththeadventofsecurityfacilitiessuchasRACF,individualuser-basedidentificationandauthorizationbecamepossible.WhenusingaWindowsworkstationasamainframeclient,itisbestiftheWindowsdomaincredentialidentityoftheuserloggedontotheclientworkstationispassedthroughtoamainframelogon.Thisidealsinglesign-onissometimesachieved.Morecommonlyaseparatemainframelogonisrequired,whichmaybemanualorcarriedoutautomaticallybyafront-endprogramthatsitsbetweentheuserandthenowhiddenfromtheusermainframeterminalscreenimageresidentinapplicationprogramcomputermemory.

∙TherecanbemorethanoneCICSrunningonthesameMVSsystem.SeveralinstancesofCICScanrunthesameordifferentapplicationsfordifferentgroupsofusers.

∙TheIMSTransactionMonitor（IMS/TMandformerlyIMS/DC）andtheMVSTimeSharingOption（TSO）areexamplesofotherVTAMapplications.

CICSTerminalScreenChoice-basedAccessControl

CICSapplicationscommonlycontrolwhichtransactionsareavailable,atthecurrentterminallocationortotheidentifiedloggedonuser,bypresentingamenucontainingchoicesforonlythosetransactionswhichtheuserisauthorizedtouse.Thestarting“default”CICSapplicationprogramtypicallydisplaysamenuofoptions（transactions）availabletotheuser,forexample:

a.AccountBalanceinquiry.

b.AccountAddresschange.

c.AccountNameChange.

d.Opennewaccountforexistingcustomer.

e.Opennewaccountfornewcustomer.

f.Closecustomeraccount.

g.Closecustomer’slastaccount.

Eachoftheaboveoptionsrepresentsadifferenttransactionwhichmayormaynotbeprocessedbyitsownuniqueprogram.

Thismethodhasbeenusedasanassumedformof“role-basedsecurity,”withtheassumptionthatthemenuofoptionsinsuresthatonlytheappropriateperson（tellerversussupervisor）couldexecutethistransactionandperformactionsthatmightberead-onlyoranupdatetostoredinformation.

SecurityinMVSandz/OS

Notethatneitherz/OSnortheMVSfamilyofoperatingsystemsprovidessecurityaspartoftheoperatingsystem.TheyrelyonExternalSecurityManagers（ESMs）toprovidesecurity.Whentheoperatingsystemreceivesarequest,thatrequestisdivertedbytheSecurityAuthorizationFacility（SAF）withinz/OStoanESM.SAFdirectscontroltoeitherorboth:

∙AnESMsuchasRACForACF2.

∙Anorganizationsuppliedprocessingroutine.

RACFfromIBMisthemostcommonlyusedESM.OthersareACF2andTopSecret,bothcurrentlyavailablefromComputerAssociates.

Asoriginally