z/OS Security: FTP Logon Failures




CLEVER Solutions: Empowering Global Enterprise

z/OS Security: FTP Logon Failures

Dear Cathy,

Does your business have a laissez-faire attitude toward z/OS security? Most companies do, because their executives keep hearing that the z/OS system can't be hacked. Historically, internal security departments have not done a good job of including z/OS in their evaluations, audits, and tests. Note that Black Hat, the premier hacker conference, has taken an interest in z/OS, spreading knowledge of the z/OS environment to hackers worldwide. Our last communication, on z/OS IDS, resulted in questions on other security topics. Let's look at FTP logon failures.

Laura's Corner: z/OS Security: FTP Logon Failures

FTP Operation

Both internal and external hackers try to find vulnerable systems that will give them access to business assets. Because of the idiosyncrasies of the z/OS operating system, many security professionals believe it is more secure than other systems. This is a false sense of security: many of the applications running on z/OS are the same applications that run on UNIX, Linux, and Windows, and they are attacked in the same way. Does a hacker need to understand the operating system in order to gain access to a system? No. Let's look at FTP as an example.

FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, normally a username and password, but can connect anonymously if the server is configured to allow it. To protect the username and password and to encrypt the content in transit, FTP is often secured with SSL/TLS (FTPS). SSH File Transfer Protocol (SFTP) is sometimes used instead, but it is a different protocol carried over SSH rather than FTP with encryption added.

FTP login uses a normal username and password scheme for granting access. The username is sent to the server with the USER command and the password with the PASS command. If the server accepts the credentials, it sends a greeting to the client and the session commences. If the server supports it, users may log in without providing credentials, but the same server may authorize only limited access for such sessions. Because USER and PASS cross the network in clear text on a plain FTP session, an attacker on the path can capture valid credentials without ever causing a logon failure; logon-failure monitoring catches guessing, not eavesdropping.

Monitoring FTP Logon Failures

How many of you consistently monitor your FTP logons for failures? Do you assume the failures are just users who forgot their password, left Caps Lock on, or typed too fast and hit the wrong key? That may have been an acceptable assumption in the past, but keeping old assumptions today can put the business at high risk. Pressure from external hackers trying to gain access to your systems, and from internal hackers (normally disgruntled employees), is growing. Remember, it doesn't take a security guru to hack systems! Tools like Hydra, FTP Password Kracker, and Brutus are readily available for download, and there is a ten-minute YouTube video explaining how easy it is to hack an FTP system. In February 2014 a group of hackers began distributing lists of over 7,000 FTP site credentials, including those of the New York Times and UNICEF. Keep in mind that a hacker, especially an external one, is patient; it is not unusual for them to take months, and sometimes years, to gather information before launching an attack.
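The USER/PASS exchange described above, as an added example that is not part of the original newsletter and is not z/OS FTP server code: a Python simulation of the server side of an FTP logon. The reply codes (331, 230, 530, 503, 221) are the standard FTP ones; the account store, the three-strike lockout and the failure-record format are assumptions made for the example. The failure reasons use the same categories the newsletter's monitoring table lists further on.

```python
"""Simulated FTP control-connection logon (added example, not z/OS FTP server code)."""
from __future__ import annotations

import hmac
from dataclasses import dataclass

MAX_BAD_PASSWORDS = 3  # assumed lockout threshold; a real server takes this from the security manager


@dataclass
class Account:
    password: str
    server_access: bool = True   # a valid user ID that is not permitted to use FTP
    revoked: bool = False
    bad_passwords: int = 0


@dataclass
class LogonFailure:
    """One logon-failure record: the fields a monitor would want to keep."""
    user: str
    reason: str


class FtpLogon:
    """Server side of one control connection. Only the logon commands are modelled."""

    def __init__(self, accounts: dict[str, Account], allow_anonymous: bool = False):
        self.accounts = accounts
        self.allow_anonymous = allow_anonymous
        self.pending_user: str | None = None   # USER received, PASS not yet received
        self.authenticated = False
        self.failures: list[LogonFailure] = []

    def handle(self, line: str) -> str:
        """Process one client command line and return the server reply."""
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            # On plain FTP this line and the PASS that follows cross the network
            # unencrypted; FTPS wraps the control connection in TLS before USER is sent.
            # 331 is returned whether or not the ID exists, so USER alone reveals nothing.
            self.pending_user = arg
            self.authenticated = False
            return "331 Send password please."
        if verb == "PASS":
            if self.pending_user is None:
                return "503 Login with USER first."
            user, self.pending_user = self.pending_user, None
            return self._check_password(user, arg)
        if verb == "QUIT":
            if self.pending_user is not None:   # probe that sent USER and hung up
                self._fail(self.pending_user, "Session terminated before password was entered")
            return "221 Goodbye."
        if not self.authenticated:
            return "530 Please login with USER and PASS."
        return "200 Command okay."   # data-transfer commands are out of scope here

    def _fail(self, user: str, reason: str) -> str:
        self.failures.append(LogonFailure(user, reason))
        # Same reply for every failure: the detailed reason belongs in the audit
        # record, not in a message that tells the client whether the ID exists.
        return "530 Login incorrect."

    def _check_password(self, user: str, password: str) -> str:
        if self.allow_anonymous and user.lower() == "anonymous":
            self.authenticated = True
            return "230 Guest login ok, access restrictions apply."
        account = self.accounts.get(user)
        if account is None:
            return self._fail(user, "User ID is unknown")
        if account.revoked:
            return self._fail(user, "User ID has been revoked")
        if not hmac.compare_digest(password.encode(), account.password.encode()):
            account.bad_passwords += 1
            if account.bad_passwords >= MAX_BAD_PASSWORDS:
                account.revoked = True
                return self._fail(user, "Excessive bad passwords")
            return self._fail(user, "Password is not valid")
        account.bad_passwords = 0
        if not account.server_access:
            return self._fail(user, "User does not have server access")
        self.authenticated = True
        return "230 User logged in, proceed."


def run_session(accounts: dict[str, Account], commands: list[str],
                allow_anonymous: bool = False) -> tuple[list[str], list[LogonFailure]]:
    """Drive one control connection and return (replies, failure records)."""
    server = FtpLogon(accounts, allow_anonymous)
    return [server.handle(c) for c in commands], server.failures


def demo() -> tuple[list[str], list[str]]:
    accounts = {"ALICE": Account(password="s3cret"),
                "BATCH1": Account(password="job-pw", server_access=False)}
    # Constructed sample session: password guessing against ALICE, then a valid
    # but unauthorised ID, an unknown ID, and a probe that hangs up after USER.
    commands = ["USER ALICE", "PASS guess1", "USER ALICE", "PASS guess2",
                "USER ALICE", "PASS guess3",   # third failure revokes the ID
                "USER ALICE", "PASS s3cret",   # right password, but ID now revoked
                "USER BATCH1", "PASS job-pw",  # valid ID without FTP access
                "USER NOSUCH", "PASS anything", "USER BOB", "QUIT"]
    replies, failures = run_session(accounts, commands)
    return replies, [f.reason for f in failures]


if __name__ == "__main__":
    for reply, reason in zip(demo()[0][1::2], demo()[1]):
        print(reply, "->", reason)
```

Every failure produces the same "530 Login incorrect." reply, so the client cannot tell an unknown ID from a wrong password; that distinction exists only in the server's failure record, which is exactly why those records, not the wire replies, are what a monitor needs to collect.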
Motives for a hacker to access your FTP server:

- Add malware to applications
- Add new HTML files that change websites
- Embed links in spam email
- Add malicious links to web sites, redirecting web users to other sites
- Download business-confidential files from the FTP server

Monitoring FTP server logon failures can help identify anomalies that can then be investigated to determine whether they are related to hacking.

Important information to capture for a failed FTP server logon:

Field: Client User ID
Why you should monitor: Understand who is attempting the FTP logon.
Result: If this is a user who does not normally access this system, it may be an indicator of malicious activity.

Field: FTP Session ID
Why you should monitor: This is a critical piece of information for tracking purposes.
Result: It can be followed through system logs and other management systems to trace the trail of this logon attempt.

Field: Remote IP Address
Why you should monitor: Understand the origin of the logon request.
Result: Whether the request comes from an internal or an external user will affect the processes used in further investigation. If it comes from a hacker, it will be critical to determine their location and bring them to justice.

Field: Reason for Failed Logon, one of: Session terminated before password was entered; Password is not valid; Password has expired; User ID has been revoked; User does not have server access; Excessive bad passwords; User ID is unknown
Why you should monitor: Recognize the progression of a hacker's reconnaissance efforts.
Result: A hacker may go through a progression of steps, starting with attempts to determine the user ID format in use. While this is occurring you may see both "User ID is unknown" and "Session terminated before password was entered". Once a valid user ID has been found, "Password is not valid", "Password has expired", "Excessive bad passwords", or "User ID has been revoked" may be seen. Once a complete user ID and password is known, you might see "User does not have server access".

This information is needed over a potentially long period of time, so it must be retained and remain accessible during the investigation process. CleverView for TCP/IP provides this level of detail with both real-time and historical views (shown in the screenshots that accompanied the original newsletter).

Case Study

In early 2014 it was reported that a group of hackers was circulating a list of thousands of FTP server credentials from businesses of all sizes. What is interesting is that these businesses did not know that hackers had been doing reconnaissance work on their systems for quite some time, collecting user IDs and passwords in a variety of ways. Not all of the information was correct, but a significant amount was, and it included some very sophisticated password schemes. In some cases, hackers used the credentials to access FTP servers and upload malicious files. In other instances, they placed files on FTP servers that incorporated malicious links directing people to scam websites. Using monitoring and digital forensic techniques on FTP server logons should help more companies avoid ending up on FTP hacker lists. Collecting this critical data over time, with proper analytics, will offer more protection for your corporation.
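Detection logic for the reconnaissance progression described in the table above, as an added example that is not the newsletter's or CleverView's code: it parses a constructed, simplified failure-record format carrying the four fields the table names, then classifies each remote address by which stages of the progression it has reached (ID enumeration, password guessing, a valid credential that lacks FTP access) and whether it sits in internal address space. The record layout, the sample lines, the internal address ranges and the thresholds are assumptions for the example; on z/OS the real source would be the FTP server's logon-failure records (SMF type 119) or syslog, whose layouts differ.

```python
"""Analyse FTP logon-failure records for a reconnaissance progression (added example)."""
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample records, not real server output.
# Layout assumed for the example: timestamp, FTP session ID, remote IP, client user ID, reason.
SAMPLE_LOG = """\
2014-02-10T02:14:05 S000101 203.0.113.45 ADMIN Session terminated before password was entered
2014-02-10T02:14:09 S000102 203.0.113.45 ROOT User ID is unknown
2014-02-10T02:14:12 S000103 203.0.113.45 TEST User ID is unknown
2014-02-10T02:14:20 S000104 203.0.113.45 JSMITH User ID is unknown
2014-02-10T02:14:31 S000105 203.0.113.45 SMITHJ Password is not valid
2014-02-10T02:15:02 S000106 203.0.113.45 SMITHJ Password is not valid
2014-02-10T02:15:40 S000107 203.0.113.45 SMITHJ Excessive bad passwords
2014-02-10T02:31:15 S000131 203.0.113.45 BATCH2 User does not have server access
2014-02-10T09:03:11 S000240 10.20.30.40 MARYK Password is not valid
2014-02-10T09:03:30 S000241 10.20.30.40 MARYK Password is not valid
2014-02-10T14:22:07 S000318 10.20.30.41 PAYROLL User does not have server access
"""

# Reason categories from the newsletter's table, grouped by the stage they indicate.
ENUMERATION = {"User ID is unknown", "Session terminated before password was entered"}
GUESSING = {"Password is not valid", "Password has expired",
            "Excessive bad passwords", "User ID has been revoked"}
CONFIRMED = {"User does not have server access"}

# Assumed internal address space; TEST-NET ranges count as external here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Record:
    when: datetime
    session: str
    ip: str
    user: str
    reason: str


@dataclass
class Finding:
    ip: str
    internal: bool
    first_seen: datetime
    last_seen: datetime
    users: set[str]
    sessions: list[str]              # session IDs to pull from other logs
    reasons: dict[str, int]
    stages: list[str] = field(default_factory=list)


def parse_log(text: str) -> list[Record]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, session, ip, user, reason = line.split(" ", 4)   # reason keeps its spaces
        records.append(Record(datetime.fromisoformat(when), session, ip, user, reason))
    return records


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def analyze(records: list[Record], min_enum_ids: int = 3, min_guesses: int = 2) -> dict[str, Finding]:
    """Group failures by remote IP and mark which stages of the progression each has shown."""
    by_ip: dict[str, list[Record]] = defaultdict(list)
    for r in records:
        by_ip[r.ip].append(r)
    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r.when)
        reasons: dict[str, int] = defaultdict(int)
        guesses: dict[str, int] = defaultdict(int)
        for r in recs:
            reasons[r.reason] += 1
            if r.reason in GUESSING:
                guesses[r.user] += 1
        stages = []
        if len({r.user for r in recs if r.reason in ENUMERATION}) >= min_enum_ids:
            stages.append("user-id enumeration")        # many distinct IDs that do not exist
        if any(n >= min_guesses for n in guesses.values()):
            stages.append("password guessing")          # repeated failures against one real ID
        if any(r.reason in CONFIRMED for r in recs):
            stages.append("valid credentials without FTP access")   # ID and password both correct
        findings[ip] = Finding(ip, is_internal(ip), recs[0].when, recs[-1].when,
                               {r.user for r in recs}, [r.session for r in recs],
                               dict(reasons), stages)
    return findings


def triage_order(findings: dict[str, Finding]) -> list[str]:
    """Most advanced progression first; external before internal; then oldest first."""
    ranked = sorted(findings.values(), key=lambda f: (-len(f.stages), f.internal, f.first_seen))
    return [f.ip for f in ranked]


if __name__ == "__main__":
    results = analyze(parse_log(SAMPLE_LOG))
    for ip in triage_order(results):
        f = results[ip]
        print(f"{ip} {'internal' if f.internal else 'external'} "
              f"{f.first_seen:%H:%M}-{f.last_seen:%H:%M} ids={len(f.users)} stages={f.stages}")
```

Run over the constructed sample, the external address is ranked first because it has shown all three stages within minutes, while the two internal addresses each show a single stage and read as a mistyped password and a batch ID wrongly used for FTP. The session IDs are carried through in each finding so the analyst can pivot into other logs, which is the "tracking" use of the FTP Session ID the table describes.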

CLEVER Solutions!

CleverView for ctrace Analysis provides an impressive breadth of technical support capabilities while maintaining a low TCO. As the collected information expands in a multi-architecture environment, restricting the viewable data becomes necessary to improve operator productivity. Its diagnostic capabilities allow companies to simplify trace collection, enhance diagnostic efforts, and accelerate virtualization deployment, while reducing costs and improving service-level performance. It is also used by IT forensic analysts to determine the details of security breaches, such as FTP breaches, in order to trace an attack to its origin.

CleverView for TCP/IP helps performance analysts, operations personnel, knowledge workers, system programmers, and capacity planners monitor performance effectively and plan for the future. Its performance monitoring makes it a strong choice for large z/OS systems undergoing wide-scale business services transformation. FTP server logon failure messages can be captured and displayed with the SessionLog function. Real-time monitoring and alerts for potential problems, combined with in-depth historical reporting of activity and trends, make CleverView for TCP/IP a performance, availability, and security management tool.

Need More Information?

If you would like more information on CLEVER Solutions, please visit our website. If you are interested in setting up an interactive webinar, or would like to schedule a free 30-day trial, fill out the web-based request form, send us an email, or call us at (650) 617-2400 or (650) 617-2401. To ensure you receive future editions of the AES Newsletter, add news@aesclever.com to your email address book.

CleverView, CLEVER, CLEVER Mobile, CLEVER TCP/IP, CLEVER eroute, CLEVER ctrace, CLEVER Buffer, CLEVER Web, CLEVER/SNA and CLEVER eperformance are registered trademarks of Applied Expert Systems, Inc.
Applied Expert Systems, Inc. (AES), 149 Commonwealth Drive, Menlo Park, CA 94025