One way of looking at mainframe data is that it is either at rest or in transit. Data at rest is data that is not actively moving from device to device or network to network such as data stored on DASD or tape or some other way. Sometimes, data at rest is thought to be less vulnerable than data in transit, but, the truth is that it’s harder to hack a moving target than a stationary database, for example. Data in transit, or data in motion, is data that’s actively moving from one location to another such as across the Internet or through a private network, or over a 4G network. Data needs to be protected as it moves from network to network or from a local storage device to a cloud storage device (or vice versa).
You could think of it like cash in a bank. While the notes are in the vault, they’re hard for criminals to get at, but everyone knows where they are. When those notes are transferred to a van to be delivered somewhere else, they are much less secure, but hardly anyone knows where the van (and the cash) will be at any particular time. But, as we all know from TV shows and movies and headlines, both get robbed. Taking the metaphor of cash and banks into computing, we can see that our valuable data could be stolen by expert hackers who are determined enough to do it.
Thinking of data in transit for now, there are several techniques used by hackers to gain access to that data. These include:
- Man-in-the-middle (MITM) attacks – this is where an attacker secretly relays and possibly alters the communication between two parties who believe they are communicating directly with each other. One example of a MITM is active eavesdropping, in which the hacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the hacker. The hacker must be able to intercept all relevant messages passing between the two victims and can inject new ones.
- MITM Secure Sockets Layer (SSL) attacks – this is where two parties continue exchanging public keys, thinking it’s with each other, but it’s actually with a third party in the middle.
- DNS spoofing attacks (including /etc/hosts) – this is also called DNS cache poisoning, and exploits vulnerabilities in the Domain Name System (DNS) to divert Internet traffic away from legitimate servers and towards fake ones.
- TMSI overflow baseband attacks – these are attacks on mobile phone networks where a rogue Base Transceiver Station (BTS) is placed near a targeted Mobile Station (MS) and the MS connects to it. An attacker can then execute a TMSI (Temporary Mobile Subscriber Identity) overflow attack.
So, looking only at data in transit (the security van in our analogy), what can you do to keep it secure? The simplest answer is encryption of the data – making the cash worthless without some way of exchanging it for real money (unencrytpting the data). For the majority of sites without a Z14 mainframe with pervasive encryption, the best known way of doing that is PGP (Pretty Good Privacy). But you probably want something more than that. You probably want software that will verify digital signatures to prove the origin of data and ensure your data at rest is as secure as your data in motion You probably also want software that will reduce the size of the files you’re transferring and so reduce the bandwidth consumption, processing time, and disk space used. You want the software to offer easy key generation and management. And in these days of API economies, you want it to have APIs for z/OS REXX and SYSREXX, as well as for C and Java.
Perhaps most importantly these days, you need to ensure your data security is compliant with all the regulations that apply to your industry. For example, GDPR (General Data Protection Regulations) and others require software to provide unbreakable signature creation and reliable authentication. As a note: GDPR fines can be up to 4 percent of an organization’s annual global turnover or €20 million – whichever is greater.
The trouble with mainframe users is that for years they felt safe because no-one outside the mainframe world understood how they worked. That’s no longer true and mainframes are a huge target for hackers. Mainframe data can travel between mainframes, out to mobile devices and IoT (Internet of Things) devices, and up to the cloud. Mainframes are used by banks and the majority of large and successful companies. Don’t you think the data they have would be of interest to hackers?
I recommend regular checks that your data in transit is still secure.
Trevor Eddolls is CEO at iTech-Ed Ltd, and an IBM Champion for the eight years running. He currently chairs the Virtual IMS and Virtual CICS user groups, and is features in many blogs. He is also editorial director for the Arcati Mainframe Yearbook.
Latest posts by Trevor Eddolls (see all)
- Securing data in transit - May 2, 2019
- Multi-Factor Authentication - Mar 7, 2019
- Do I need real-time, continuous, mainframe security monitoring and auditing? - Oct 4, 2018