HIGHLIGHTS
o Provides a basis for granular and flexible security solutions
based on unique enterprise security policies and objectives.
o Extends business controls for an enterprise's assets with
expanded audit capability, better control over privileged users,
and stronger isolation to facilitate business alliances.
o Allows dynamic customizing and "fine tuning" of security
enforcement by providing granular minimum to maximum security
options.
o Expands the enterprise's ability to control sensitive information
by protecting more resources and providing more control of
processing options.
o Simplifies security policy implementation and administration by
automating processes and providing more security default
protection.
o Offers security expertise to enterprises through a variety of
consulting, education, and implementation options.
DESCRIPTION
In today's business environment, information is one of the
most valuable resources. The protection of enterprise information is
essential in maintaining an organization's competitive edge. Each
enterprise needs to appraise the value of its data, determine
potential security threats, and develop an appropriate security
policy. IBM provides education, consultation, services and products
to help in this process. The following defines the basic security
facilities.
SYSTEM INTEGRITY
System integrity is an important characteristic of IBM's MVS
and VM operating systems. While there are precise definitions of
system integrity which differ for each system, in general terms,
system integrity is the ability of an operating system to prevent the
circumvention or bypassing of its security mechanisms. IBM continues
to accept APARs (Authorized Program Analysis Reports) that describe
exposures to the system integrity of MVS and VM.
Today, IBM is announcing the acceptance of Security APARs for
MVS and VM and for IBM products which run on these systems. Security
APARs are for reporting problems in existing security mechanisms
where the problem descriptions do not meet the precise definition of
system integrity for a particular system, but do constitute an
exposure to the security of the system as a whole or to an IBM
product which runs on the system.
SECURITY FACILITIES
A secure enterprise system contains a set of distinct security
facilities, working in combination, to provide a secure environment.
These fundamental security facilities are defined as:
o Identification and authentication of users
o Access control for protected information
o Confidentiality to prevent information disclosure
o Data integrity to detect data modification
o Security management facilities to administer and audit security.
IBM is committed to providing secure computing environments,
as described in the following sections:
IDENTIFICATION AND AUTHENTICATION
Users can identify themselves to the system and prove their identity
by supplying one or more of the following:
o Something the user knows (password values)
o Something the user has (key, token, smart card, etc.)
o Something the user is (biometrics such as signature dynamics)
Authenticated user identification provides the basis for
additional security functions, for example, access control and
auditing. Thus, installations can implement a policy of individual
accountability.
IBM currently provides passwords across a wide range of
systems, applications, and subsystems. On MVS and VM, RACF working
in combination with NetView (TM)/Access Services provides a single
sign-on point for terminal users to access multiple systems and
applications. Additionally, users of the current versions of OS/2
(R) Extended Edition and the IBM PC LAN Program are provided a single
signon point for access to files, printers, applications, and serial
device resources controlled by one or more OS/2 LAN Servers.
NEW IDENTIFICATION AND AUTHENTICATION SUPPORT:
o In MVS and VM environments, RACF can now be used to provide
authentication support for LU 6.2 sessions. See IBM Programming
Announcement 289-584, dated October 24, 1989.
o Authentication of remote RJE/RJP station userids will be provided
by JES and RACF. See IBM Programming Announcement 289-580, dated
October 24, 1989.
o Identification and authentication facilities are extended to
MVS/ESA (TM) console operators. See IBM Programming Announcement
289-580, dated October 24, 1989.
o OS/400 (TM) has extended the user password facilities and now
supports the expiration of passwords and optional rules to
control password content. In addition, OS/400 provides system
specified user time-out for inactive workstations. See IBM
Programming Announcement 289-317, dated June 20, 1989.
o Workstation users can be authenticated via a PIN or signature
dynamics, using the IBM 4754 Security Interface Unit with the IBM
Personal Security Card (chip card) or the IBM Signature
Verification feature. See IBM Product Announcement 189-174,
dated October 24, 1989.
IBM will continue to evaluate user authentication support as
biometric and other technologies evolve.
(R) Registered trademark of International Business Machines
Corporation.
(TM) Trademark of International Business Machines Corporation.
ACCESS CONTROL
Access control allows the installation to provide different levels of
protection for resources based on business value. Depending on the
environment, the resource owner can specify who can access the
information, how it can be accessed, when it can be accessed, and
under what conditions it can be accessed (for example, when executing
specific applications, programs, or transactions).
IBM currently offers a wide range of basic access control
facilities across a variety of environments such as MVS, VM, OS/400,
OS/2 LAN Server, AIX (TM), IMS, CICS, DB2 (TM), SQL/DS, and VTAM.
These facilities allow protection of system, application, and user
resources such as data sets, files, volumes, tapes, minidisks,
databases, transactions, programs, commands, and the vector facility.
NEW ACCESS CONTROL SUPPORT:
o Access control is extended to new MVS resources, including
operator commands, spool files, messages, printers, and
hiperbatch. See IBM Programming Announcement 289-580, dated
October 24, 1989.
o Access control is extended to new VM
resources, including files of the shared file system, messages,
and spool files. See IBM Programming Announcement 289-584, dated
October 24, 1989.
o MVS and VM installations can use the new RACF support for
sensitivity labels and categories to implement a wide variety of
enterprise security policies. See IBM Programming Announcement
289-584, dated October 24, 1989.
o Installations can use new support in JES to conditionally accept
jobs and printing based on the node from which they are received.
For NJE networks which do not have a homogeneous user
identification or security labeling scheme, a translation
mechanism is provided. See IBM Programming Announcement 289-580,
dated October 24, 1989.
o DB2 Version 2 Release 2 extends distributed relational DB2
security support across multiple MVS environments by supporting
end user name translation and password propagation. See IBM
Programming Announcement 289-469, dated September 19, 1989.
o CICS/ESA Version 3 Release 1 enhances its use of RACF by
providing the capability of applying granular access control to
all system programming commands. See IBM Programming
Announcement 289-305, dated June 20, 1989.
IBM will continue to evaluate new access control support for
additional types of resources and additional levels of
granularity.
CONFIDENTIALITY
Confidentiality protects an enterprise's sensitive information from
disclosure. When it is stored locally, sensitive data can be
protected by access controls or encryption mechanisms. For network
communication security, sensitive data can be encrypted as it is
transmitted from system to system.
IBM currently supports the Data Encryption Algorithm (DEA) of
the Data Encryption Standard (DES) for session encryption,
authentication information (PINs, passwords), files, and
application-specific requests. IMS and DB2 permit the use of DEA
through user exits. Other examples of IBM environments which support
confidentiality include VTAM, IBM 4700, 3848/CUSP, PCF, IPS, OS/400,
and System/88.
NEW CONFIDENTIALITY SECURITY SUPPORT:
o It is IBM's intent that VTAM will support session-level mandatory
encryption (the encryption of all messages that flow on a
session) and selective data encryption for LU 6.2 application
programs.
o It is IBM's intent that in an XRF environment, VTAM will support
cryptography for active and backup sessions. If a failure of the
active system should occur, the sessions using cryptography can
be switched from the active to the alternate system.
o Encryption and decryption capabilities are provided via a new set
of consistent services. Initially this support is available with
the IBM 4753 Network Security Processor and the IBM 4753 MVS
Support Program (5706-028). See IBM Product Announcement 189-171
and IBM Programming Announcement 289-585, dated October 24, 1989.
o The IBM 4753 Network Security Processor provides Data Encryption
Algorithm (DEA/DES) cryptographic support to systems requiring
secure transaction processing and other cryptographic services on
a System/370 MVS host system. It is designed to be used for
cryptographic transaction processing in a network. Workstation
encryption and decryption are provided by the IBM 4754 Security
Interface Unit and the IBM 4755 Cryptographic Adapter. See IBM
Product Announcements 189-171 and 189-174, dated October 24,
1989.
IBM will continue to evaluate new confidentiality support
based on data encryption services. Additionally, IBM will continue
to participate on ISO standards committees working to develop
encryption standards.
DATA INTEGRITY
Data integrity provides detection of the unauthorized modification of
data. Enterprises must allow authorized users and applications to
use data, locally or remotely where the information resides, and
to transmit data for remote processing. Data
integrity facilities can indicate whether information has been
altered.
IBM currently offers basic hardware checking internally on all
of its processors in support of data integrity, such as cyclic
redundancy checking and parity checking. In the network
communications environment, IBM supports message authentication
checking, for instance on the IBM 4700.
NEW DATA INTEGRITY ANNOUNCEMENT SUPPORT:
o It is IBM's intent that VTAM will support session-level mandatory
encryption (the encryption of all messages that flow on a
session) and selective data encryption for LU 6.2 application
programs.
o Message Authentication Code generation and verification
capabilities are provided by a new set of consistent services.
This support can provide a base for data integrity services in a
network environment. Initially host support is available with
the IBM 4753 Network Security Processor MVS Support Program
5706-028. See IBM Programming Announcement 289-585, dated
October 24, 1989.
o Workstation data integrity support is provided by the IBM 4754
Security Interface Unit and the IBM 4755 Cryptographic Adapter.
See IBM Product Announcements 189-171 and 189-174, dated
October 24, 1989; and IBM Programming Announcement 289-585 dated
October 24, 1989.
IBM will continue to evaluate new data integrity services for
non-repudiation, digital signatures, callable services, and enhanced
key management as technology evolves.
SECURITY MANAGEMENT
Security management is the administration, control, and review of an
enterprise's security policy. Security managers make use of
procedures and system security facilities to implement policies
consistent with the enterprise objectives. System auditability can
provide checks and balances on the privileged users and
administrators to ensure that security management policies are
enforced.
Currently, IBM provides capabilities for security management
in MVS, VM, TSO, CICS, IMS, DB2, SQL/DS, VTAM, NetView/Access
Services, DFSMS, OS/400, System/38 CPF, OS/2 (R) LAN Manager, OS/2
LAN Server, and AIX. Additional auditing facilities are available
with the RACF Report Writer, RACF Data Security Monitor, and DB2
Performance Monitor (DB2PM).
NEW SECURITY MANAGEMENT ANNOUNCEMENT ITEMS:
o Currently, RACF offers user enrollment for TSO, VM, IMS, DB2 and
DFSMS. In addition, CICS operator data, currently held in the
signon table, will be moved out of CICS tables to the user
information maintained by RACF (or equivalent security package).
For more information, see the Statement of Direction in IBM
Programming Announcement 289-305 dated June 20, 1989.
o MVS/ESA extends auditing support to journal operator actions,
actions by surrogate users, and selective audit based on the
installation defined sensitivity of labelled resources. See IBM
Programming Announcements 289-580 and 289-584, dated October 24,
1989.
o RACF/VM provides new security administration and auditing
options. An installation may optionally tailor RACF command
syntax to its environment through the use of new REXX EXECs and
IBM-supplied code. RACF/VM journaling is extended to log
operator actions (based on operator userid), actions by surrogate
users, and selective events based on the installation-defined
sensitivity of labelled resources. A highly granular selective
audit capability tailorable by individual userids has been added
to VM/SP environments via RACF support. See IBM Programming
Announcements 289-582 and 289-584, dated October 24, 1989.
o IBM's National Service Division (NSD) offers security consulting
services to perform system penetration testing and system site
security review, assist with project planning and risk analysis,
and implement RACF security solutions. For further information,
contact your IBM marketing representative.
o IBM's System Integration Division (SID) offers skills, services
and computer-assisted auditing tools to support enterprise audit
and business control executives in evaluating the control and
compliance posture of their key business processes. For further
information on the Computer-Assisted Auditing Tools and
Techniques Services Offering, contact your IBM marketing
representative.
o NSD announces the limited availability of the IBM Business
Recovery Services offering. This offering provides operations
and services in the event of a disaster through IBM Business
Recovery Services Centers. This includes testing, planning,
education, support services, network and computing center
facilities. For more information, see IBM Marketing Announcement
389-154, dated October 3, 1989.
IBM will continue to evaluate new security management and
audit functions consistent with appropriate system management
capabilities.
MEASURES USED TO PROTECT AGAINST HARMFUL CODE
The threat of harmful code (viruses, worms) to the information assets
of all computer users is of growing concern to IBM. As a result, IBM
has instituted broad measures to protect IBM products from
contamination by unauthorized code and to provide technology and
information to non-IBM groups working on security-related issues.
In general, IBM products are developed under formally
controlled processes, which include: formal specifications, detailed
test plans, assurance reviews, and inspections of code and test
cases. In addition, virus detection tools and anti-virus procedures
are used prior to code shipment in order to prevent the spread of
known microcomputer viruses.
Protection against unauthorized code entering a system during
and after installation requires that all owners of information
systems develop a comprehensive security policy, educate employees
and users about secure computing practices, and administer the policy
and practices.
Within IBM, security policy and practices are augmented by
security facilities implemented on IBM's internal systems. These
same security facilities are used to protect users and data on IBM's
Information Network. See the IBM Information Network Security
Bulletin (GC34-2206).
NEW MEASURES:
o IBM has established a High Integrity Computing Lab in its T. J.
Watson Research Center at Hawthorne, N.Y., to research issues of
integrity in complex, distributed systems and transfer the
skills, information, and technology to IBM products and the
industry at large.
o IBM provides assistance to customers in many aspects of secure
computing based on IBM's own internal security programs and
expertise. In addition, IBM plans to provide selected tools,
sample code, and information based on IBM experience in
preventing, detecting, and recovering from known computer viruses
and worms. For further information, contact your IBM marketing
representative.
o IBM's new cryptographic products offer customers powerful
facilities for protecting the integrity of high-value data and
programs. Additional information is provided in the
Confidentiality and Data Integrity sections of this document.
IBM products and the processes used for development and
manufacturing will continue to be evaluated and improved over time as
more is understood about malicious code and corresponding
counter-measures.
UNITED STATES DEPARTMENT OF DEFENSE SECURITY
IBM's objective is to provide systems that are designed to meet the
current interpretations of the various levels of security criteria as
defined in the United States Department of Defense publication
"Trusted Computer System Evaluation Criteria."
Complete systems, composed of several products, including a
major operating system and a security monitor, are required for each
Trusted Computer Base. The full set of products comprising each
Trusted Computer Base is defined in the referenced announcements.
IBM has designed functions to meet the criteria and
implemented the following currently available product support:
o An MVS/XA (TM) and RACF-based Trusted Computer Base has completed
evaluation at the C2 level. See Evaluated Products List Serial:
CSC-EPL-88/003, dated June 15, 1988.
o A VM/SP and RACF-based Trusted Computer Base, with or without
High Performance Option (HPO), is generally available for use at
the C2 level. See IBM Programming Announcements 288-657 and
288-665, dated November 15, 1988, for the full Trusted Computer
Base content.
o A VM/XA (TM) and RACF-based Trusted Computer Base is generally
available for use at the C2 level. See IBM Programming
Announcements 289-349, dated July 6, 1989; and 289-340, dated
June 27, 1989, for complete Trusted Computer Base definition. It
continues to be IBM's intent to provide the functions designed to
meet the currently defined B1 criteria for VM large systems
customers. The Trusted Computer Base (specific software
products, processor models, and peripherals) will be defined at a
later date for possible initiation of formal National Computer
Security Center (NCSC) evaluation by December 1990.
NEW TRUSTED SYSTEMS ANNOUNCEMENTS:
o An MVS/ESA and RACF-based Trusted Computer Base that is designed
to meet the B1 criteria will be available for use. See IBM
Programming Announcement 289-583, dated October 24, 1989.
o A VM/SP and RACF-based Trusted Computer Base, with or without
HPO, that is designed to meet the B1 criteria will be available
for use. See IBM Programming Announcement 289-582, dated
October 24, 1989, for complete Trusted Computer Base definition.
o IBM intends to offer future versions of AIX designed to meet the
mandatory access control policies defined by the current criteria
for B1 level systems. The Trusted Computer Base definitions
(specific software products, processor models, and peripherals)
will be provided at a later date.
IBM endorses the concept of the National Computer Security Center
(NCSC) Ratings Maintenance Program in order to keep its evaluated
systems as current as possible. In addition, IBM will continue to
evaluate additional controls in our system, network, data base,
application, and virtual machine monitor offerings.
IBM systems that are designed to meet Department of Defense (DoD) C2
and B1 criteria may be accredited for use in system high and
compartmented mode operating environments, as described in the
"Industrial Security Manual for Safeguarding Classified Information"
(DoD 5220.22-M). These industrial security requirements are
applicable to all contractors, subcontractors, and suppliers who have
access to classified information, as well as specified Federal
Government departments and agencies.
USER GROUP REQUIREMENTS
Many items in this announcement address issues raised in two strategy
papers from GUIDE and SHARE. IBM has responded positively to these
papers, and these announcements represent IBM's continued commitment
to provide our customers with the security facilities which meet
their needs.
The GUIDE paper is entitled "Future Direction for an Information
Security Architecture," presented at GUIDE 65 in session number
PM-7241 and entered as GUIDE requirement number GD9STR85001. The
SHARE paper is entitled "Security Requirements for IBM Developed
Program Products."