A Forensic Analysis of Security Events on System z, Without the Use of SMF Data
Project and Program: Enterprise Data Center, Security and Compliance
Tags: Proceedings, 2015, SHARE in Seattle 2015
This session will be a mixture of lecture using slides and a real-time demonstration of the power of Vanguard Offline to provide forensic capabilities to discover who accessed, or attempted to access, which resource on System z with RACF. During the presentation the speaker will first disable SMF recording, then access resources where permissions both allow and deny the access attempt (again without SMF recording), and then show the audience the audit trail of those events.
The speaker will show the audience the RACF profiles that both allowed and denied the access, and modify them in real time to change the behavior of the system to prevent access that previously should have been denied, but was allowed.
If time permits, the speaker will show some of the other powerful reporting features of the product, such as how to identify every access request allowed via a Global Access Table, Universal Access or ID(*) in an access list.

Brian Marshall, Vanguard Integrity Professionals