Gaps in Your Defense: Hacking the Mainframe
0 likes632 views
This document summarizes a presentation about hacking mainframe systems. The presentation discusses how mainframes are still critical systems but are often assumed to be inherently secure. However, hackers have developed tools to scan for and attack mainframes connected to the internet or enterprise networks. The presentation provides examples of how hackers can use tools like Nmap, TN3270 emulation, and CICSpwn to profile mainframe systems, enumerate users and transactions, and potentially gain remote command line access. It recommends organizations go beyond just compliance and implement additional security measures like logging, monitoring, vulnerability scanning and penetration testing to optimize mainframe security.
Gaps in Your Defense: Hacking the Mainframe
- 1. World® ’16 Gaps in Your Defense: Hacking the Mainframe Philip Young - Co-Founder - ZedSec 390 MFT175S MAINFRAME AND WORKLOAD AUTOMATION
- 2. 2 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD © 2016 CA. All rights reserved. All trademarks referenced herein belong to their respective companies. The content provided in this CA World 2016 presentation is intended for informational purposes only and does not form any type of warranty. The information provided by a CA partner and/or CA customer has not been reviewed for accuracy by CA. For Informational Purposes Only Terms of this Presentation
- 14. 14 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD The ‘IMP’ § Started in 2013 § Tools: – MassScan – Nmap – Python – X3270 – Linux VPS § Database of 400+ mainframes https://mainframesproject.tumblr.com/ Internet Mainframes Project
- 20. 20 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Enterprises are Flat § Many large enterprises experienced a breach in 2015 § Flat networks § No firewall between “Corporate” network and mainframe
- 21. 21 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Hacking the Unhackable § From the network § No knowledge of the system § Steps – Gather information – Profile the system – Launch attacks Tools released/updated in 2015/2016
- 33. 33 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD What Can I Do? § Compliance is literally the start § Just because you’re compliant doesn’t mean: – The compliance rules are well done – Represent current threats – Match current baselines § Vulnerability Scanning?
- 34. 34 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Gap Assessment § Compare your requirements to a standard § How do you compare and contrast? § Who’s expertise are you relying on?
- 35. 35 © 2016 CA. ALL RIGHTS RESERVED.@CAWORLD #CAWORLD Go Beyond Compliance § zAssure? § Identifying Data Assets? § Logging and Monitoring? – zSecure – IronStream – Vanguard § Penetration Testing?