Presentation is loading. Please wait.

Presentation is loading. Please wait.

IBM Z Dataset Encryption:

Published byRenate Endresen Modified over 5 years ago

Similar presentations

Presentation on theme: "IBM Z Dataset Encryption:"— Presentation transcript:

1 IBM Z Dataset Encryption:
How to use encryption to prevent access from other LPAR? IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation November 22,

2 The problem: The solution:
If you are using DASD encryption, your data are safe if someone stoles the physical DASD. But, if someone can access the DASD (maybe from a mistake during the IODF configuration) from another z/OS system/LPAR, the DASD encryption is totally ineffective. The person can read the data, copy or make a dump, and stole your data! And RACF will not protect your data, because, from another LPAR, you are not connected to the RACF database, so you can bypass it! The solution: To prevent this, data set encryption is a solution, because from another LPAR, you don’t have access to the key to decrypt data! So even if you can access the DASD via the VTOC, you can copy the data, but never read it! IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 22,

3 The scenario for this test:
We have two systems: The “good” one: The spy one: In normal situation, only the “good” one can see the data on the volser. But, due to an IODF mistake, both have access to the volser: K30S01 where is the confidential data set: MPLBANK.SECRET.DATA IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 22,

4 The scenario for this test:
See the data set from the “good” system Verify no encryption Access and read the data set from the “spy” system Encrypt from the “good” system Verify the encryption from the “good” system Access the data set from the “spy” system Check the result… IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 22,

5 We are on the “good” system.
Our important data set is this one. You can see the DASD: K30S01

6 From the “good” system, we verify if this data set is encrypted or not.
We use the command: LISTC EN(/) ALL

7 From the “good” system, we can verify that there is no encryption!!

8 From the “good” system, we can read the data set.
At the bottom of the 32x70 screen, check the IP: We are on the “good” system!

9 You can see the different IP!
Now, from the “spy” system, we will access the data set by enter the volume serial. You can see the different IP!

10 So, from the “spy” system, the data set is here!
We will try to access the data inside with a “view”.

11 From the “spy” system, we can read the data inside the data set!!
Your data are now stolen!!!

12 Encryption of the dataset: MPLBANK.SECRET.DATA
from the “good” system. IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 22,

13 Now, from the “good” system, we encrypt the confidential data set.
We can verify that this data set is encrypted. We use the command: LISTC EN(/) ALL

14 From the “good” system, check the IP, we can still read the data!

15 And, because it is encrypted, it is impossible to read!!!
Now, from the “spy” system (check the IP), we try to view the data set. And, because it is encrypted, it is impossible to read!!! Your data is now protected by the IBM Z data set encryption!

16 Other documents available from my personal experience and implementation of data set encryption at the Montpellier Client Center environment at the ATS / New Technology Center: Volume 1: A technical document about the installation and configuration of data set encryption on z/OS. This document (especially for beginner) starts from the configuration of the crypto card via the HMC to the final customization (PARMLIB, ICSF…). You tube video: to explain all the process of the different keys involved in the data set encryption process Presentation: A power point presentation to explain the keys process. This presentation is the support of the video. IBM Client Center Montpelllier – Arnaud MANTE / © 2017 IBM Corporation – November 22,

Download ppt "IBM Z Dataset Encryption:"

Similar presentations

34 42 49 51 53 55 57 63 67 69 71 73 77 83 Given Connections Solution 1 2 3 4 5 6 95.

Given Connections Solution
Chapter 18: Security on z/OS

Chapter 18: Security on z/OS
Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.

Firewalls and VPNS Team 9 Keith Elliot David Snyder Matthew While.
 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.

 Proxy Servers are software that act as intermediaries between client and servers on the Internet.  They help users on private networks get information.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
November 2009 Network Disaster Recovery October 2014.

November 2009 Network Disaster Recovery October 2014.
Getting started with for students before you register Make sure you have: an active e-mail account Internet browser installed on your computer Student.

Getting started with for students before you register Make sure you have: an active account Internet browser installed on your computer Student.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Data Center Infrastructure

Data Center Infrastructure
© 2006 Avaya Inc. All rights reserved. Avaya – Proprietary & Confidential. For Limited Internal Distribution. The information contained in this document.

© 2006 Avaya Inc. All rights reserved. Avaya – Proprietary & Confidential. For Limited Internal Distribution. The information contained in this document.
ATM/POS INTEGRATION INTORDUCTION

ATM/POS INTEGRATION INTORDUCTION
Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.

Malicious Attack Corporate Awareness and Walk through Date 29 September 2011.
User Access to Router Securing Access.

User Access to Router Securing Access.
Packet Capture and Analysis: An Introduction to Wireshark 1.

Packet Capture and Analysis: An Introduction to Wireshark 1.
Security fundamentals Topic 5 Using a Public Key Infrastructure.

Security fundamentals Topic 5 Using a Public Key Infrastructure.
Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?
PGP Key Management Basic Principals AfNOG 2007 April 26, 2007 Abuja, Nigeria Hervey Allen.

PGP Key Management Basic Principals AfNOG 2007 April 26, 2007 Abuja, Nigeria Hervey Allen.
Installing the ALSMS Software on a Windows Platform Configuration Example Alcatel-Lucent Security Products Configuration Example Series.

Installing the ALSMS Software on a Windows Platform Configuration Example Alcatel-Lucent Security Products Configuration Example Series.
SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.
© 2014 IBM Corp. TSM Data Protection for Virtual Environments: Hyper-V Suite.

© 2014 IBM Corp. TSM Data Protection for Virtual Environments: Hyper-V Suite.

Similar presentations

Ads by Google