Mainframe Computers are Vulnerable

While many organizations may have conducted penetration testing, security auditing and vulnerability assessments on their network assets, mainframes often go overlooked, believed to be inherently secure. However, hacking and intrusions are daily occurrences, and mainframe computers are connected to networks and are vulnerable. Security officers from financial institutions, health care organizations, government agencies, and American businesses of all sizes are only now realizing the need to test the security posture of their mainframe systems, and the applications that run on them. They know hacks and intrusions are not rare events, they are daily occurrences.

Mainframe Security Audits and Assessments

GDF can conduct mainframe security audits and assessment services on almost any mainframe platforms:

  • AS/400
  • OS/390
  • Z/OS
  • Stratus
  • Unisys
  • Tandem
  • Intel
  • ACF2/Top-Secret
  • RACF
  • Infogaurd
  • DB2
  • IMS
  • Unix Services

GDF Mainframe Security Assessments Protocol

  • Installation and Configuration Review of the overall system and security products
  • User, Group, Station and Application Rights Review
  • General Security Posture (Settings, Unused Accounts, Cross Departmental Rights, etc.)
  • Penetration Testing
  • Application Security Testing
  • Policy Review
  • Detailed Remediation Advice

Mainframe Penetration Testing

In a penetration test, GDF experts, simulating hackers and using the techniques and technologies available to hackers, attempt to execute a true attempt at compromising the system using a zero-knowledge attack. Employing both online operatives and “boots on the ground,” we conduct a multi-layered concerted attack with an eye towards exposing flaws in all security protocols. The outcome of the test means that an organization receives a realistic view from both an administrative policy perspective, as well as from a perimeter security perspective.

Insider Attacks

A secure mainframe system might be hardened against outside hackers, but in recent months insider computer attacks have been grabbing the headlines. For prevention of insider attacks, we recommend user activity monitoring using a product like our C-All, GDF’s world class solution to control and identify insider computer attacks.

Regulation Compliance

Global Digital Forensics offers security services to help organizations meet various regulatory requirements and design methodologies to ensure the security of their mainframes, as well as the applications running on them. We’ve conducted hundreds of assessments for some of the biggest companies in the United States and internationally, and are well versed in all compliance regulations.

GDF has many whitepapers, sample reports and detailed audit checklists that we are happy to share with the security community.