
Slide 1: SECURITRE
An interface between the ADABAS/NATURAL environment and a System Security Facility (SSF), such as RACF, ACF2, or TOP SECRET.
SECURITRE is a product of Treehouse Software, Inc. (TSI). All rights reserved.

Slide 2: What is SECURITRE?
- A security interface
- Comprehensive controls for:
  - ADABAS
  - NATURAL
  - Utilities
  - Internal Application Functions

Slide 3: Why SECURITRE?
- RACF, ACF2, and TOP SECRET (SSFs) do not secure ADABAS/NATURAL resources
- ADABAS password mechanism lacks accountability
- ADAESI does not secure NATURAL or Utilities
- NATURAL Security does not interface to the SSFs
- Security coded in applications can be costly and difficult to maintain
- “Orange Book” places higher trust in systems with single security rule base

Slide 4: Control without SECURITRE
[Diagram. Labels: RACF, ACF2, or TOP SECRET; Non-ADABAS data; Non-NATURAL programs; NATURAL Security System; NATURAL; NATURAL programs; ADABAS Password Security; ADABAS data; ADABAS Utilities; NATURAL Utilities; Application Functions, Menus, etc.]

Slide 5: Control with SECURITRE
[Diagram. Labels: RACF, ACF2, or TOP SECRET with SECURITRE; Non-ADABAS Data; Non-NATURAL Programs; ADABAS Data; NATURAL; NATURAL Programs; ADABAS Utilities; NATURAL Utilities; Application Functions, Menus, etc.]

Slide 6: SECURITRE Components
- SECURITRE for ADABAS
- SECURITRE for NATURAL
- NSS Conversion Facility
- SECURITRE for Utilities
- SECURITRE Real-time Monitor
- SECURITRE Internal Application Security

Slide 7: SECURITRE for ADABAS
- Implemented as a User-Exit-1 to the ADABAS nucleus
- Co-exists with other ADABAS User-Exits
- Security on these levels:
  - Database
  - File Level
  - Field Level
- Unauthorized access returns Response Code 200 (ADABAS Security Violation)
- Includes intelligent table mechanism
- ADABAS utility tables for use by the newest releases of ADABAS (i.e., V6.x, V7.x and V8.x)

Slide 8: Overview of SECURITRE for ADABAS
[Diagram. Labels: User; RACF; SECURITRE User-Exit-1/4; ADABAS Nucleus; SYS1.PROCLIB; ADABAS.PROD.PAYROLL; NATURAL.LOGON.BENE1...; Link Routine; SVC; ADABAS Data; SECURITRE User-Exit-B/A; SVC]

Slide 9: Program Pathing
- Ensures that access comes not only from authorized users, but through authorized “routes”
- Limits access by combinations of:
  - Filename
  - MVS Jobname
  - Node or SMFID of calling program
  - NATURAL Library
  - Program name (NATURAL or Non-NATURAL)
  - FUSER DBID/FNR of calling program
  - CICS Tranid and/or Termid
  - ADABAS Command Code (e.g., S1)

Slide 10: SECURITRE for NATURAL
- Implemented as a set of exits to the NATURAL nucleus
- Security at these levels:
  - NATURAL Session Initialization
  - Library (Logon)
  - Program (EDIT, SAVE, CAT, or STOW)
  - Program Execution (RUN)
  - DDM Access
- 8-Steplib support for NATURAL V2.2, V2.3 and higher

Slide 11: NATURAL Security Conversion Facility
- Implemented as a NATURAL application which reads the FSEC file
- Allows for a smooth transition from Software AG’s NATURAL Security System to SECURITRE for NATURAL
- Aids in building the necessary SSF rules based on site standards
- Aids in configuring SECURITRE for NATURAL

Slide 12: SECURITRE for ADABAS Utilities
- Implemented as a statically linked front-end to ADARUN module
- Controls, for each user, access by:
  - ADABAS Utility
  - ADABAS Utility Function
  - DBID
  - File

Slide 13: SECURITRE for NATURAL Utilities
- Implemented through User-Exits to the NATURAL nucleus
- Integrated with SECURITRE for NATURAL
- Controls access for each user by:
  - NATURAL Utility
  - NATURAL Library

Slide 14: SECURITRE Real-time Monitor
- Implemented as a standard NATURAL application which communicates with SECURITRE
- Access is controlled by SECURITRE
- Provides these important functions:
  - Purges one or all users from internal tables
  - Displays current SECURITRE parameter settings and table sizes
  - Reloads parameters for SECURITRE for ADABAS
  - Reloads SECURITRE User-Exits
  - Activates/Deactivates SECURITRE Trace Facility
  - Invokes the TRIM RTM

Slide 15: SECURITRE RTM Main Menu

    12/31/99     S E C U R I T R E   V E R S I O N     CEW1
    11:38:00     R E A L - T I M E   M O N I T O R     STRV310

    Code  Function
     A    Force one user from table (FRC1)
     B    Force all users from table (FRCA)
     C    Display SECURITRE parms (PARM)
     D    Reload user exit(s) (REXT)
     E    Reload SECURITRE parms (RPRM)
     F    SECURITRE trace facility (TRAC)
     G    Invoke the TRIM RTM (TRIM)
     H    Display SECURITRE/NAT parms (NPRM)
     I    Display current table sizes (TBLS)
     .    Exit Real-time Monitor (STOP)

    Code: _   DBID : 1000TEST-DB
    Direct Command: ____ MENU
    Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10---PF11---PF12
    HELP MENU EXIT

Slide 16: Display SECURITRE Parameters

    12/31/99 PARM S E C U R I T R E CEW1
    11:38:00 DISPLAY STRDEF PARAMETER STRV310
    DBID : 202 TEST-DB File : 0
    CLASS : DATASET PURINTT : 1 USERID : TRIMV5 CMDLOG : OFF PURINTV : 100 USERID2 : TRIMV5 DELIM :. QUALIFY : EDTST USERS : 10 DSNORDR: FILE CMD DBID RACHECK : RACHECK UTMODE : WARN JOB NPGM RTMORDR : FUNC DBID UTPREF : UTPREF PROCCL : OFF UTORDER : FILE UTIL EX1ALL : OFF PROCEX2 : OFF FLSDEL : DELETE SECURE : RACF FORCE : 18 STREX1 : FORMAT : NEW STREX2 : LOGVIOL: FIRST STREX3 : MODE : FAIL STRRTM : ADABAS.STR NOIDRED: ACCEPT TERM : S NOIDUPD: ACCEPT TRACE : ON N20PREF: CONTROL.N2O TRMRTM : ADABAS.TRM PREFIX : TSI.SECURTRE UEXIT1
    Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10---PF11---PF12
    HELP ---- MENU EXIT

Slide 17: Application Function Security
- Implemented as two subprograms:
  - STRNAT for NATURAL applications
  - STRASM for Non-NATURAL applications
- Used by sites to add special controls to applications
- Example: Limit items displayed on an application’s menus to those the user is authorized to execute
- Uses SECURITRE as a “Security Server” for applications
- Can replace existing security functions embedded in applications

Slide 18: Interface to SSF
- Uses SAF protocol (RACROUTE macro)
- Translates ADABAS/NATURAL entities into “pseudo dataset names”:
  - ADABAS.D110.F123
  - ADABAS.PROD.PAYROLL
  - NATURAL.LOGON.HRLIB
  - NAT.PROD.EDIT.PAYLIB.PAYPGM
  - ADABAS.UTIL.DBS.RESETDIB
  - PAYAPP.FUNCTION.PRTCHECK
- Violations are logged by the SSF

Slide 19: Defining ADABAS Resources to the SSF
ADABAS/NATURAL resources are defined just like any MVS dataset:

RACF:
    PERMIT 'ADABAS.PROD.PAYROLL' ID(DBAGROUP) ACCESS(ALTER)

ACF2:
    $KEY(ADABAS)
     PROD.PAYROLL UID(CHFSPPRG) R(A) W(A)

TOP SECRET:
    TSS PERMIT (DBAGROUP) DSN('ADABAS.PROD.PAYROLL') ACC(UPDATE)
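
Added example (not from the presentation and not Treehouse Software or RACF code): a small Python model of the flow on slides 18 and 19, where a call is turned into a pseudo dataset name, checked against dataset-style rules, and denied with Response Code 200. Assumptions: the PAYCLERK group and its rule are constructed, profile matching is simplified (real RACF picks the most specific generic profile), and an undefined resource is denied.

```python
# Added illustration: a simplified model, not SECURITRE or RACF code.
ACCESS_LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF order, EXECUTE omitted
RC_OK, RC_SECURITY_VIOLATION = 0, 200  # 200 is the response code named on slide 7

def pseudo_dsn(dbid, fnr, prefix="ADABAS"):
    """Build a name in the 'ADABAS.D110.F123' shape shown on slide 18."""
    return f"{prefix}.D{dbid}.F{fnr}"

def profile_matches(profile, dsn):
    """Qualifier-wise match: '*' is exactly one qualifier, a trailing '**' is zero or more."""
    p, d = profile.split("."), dsn.split(".")
    for i, qual in enumerate(p):
        if qual == "**":
            return i == len(p) - 1  # only a trailing '**' is supported in this model
        if i >= len(d) or (qual != "*" and qual != d[i]):
            return False
    return len(p) == len(d)

def select_profile(rules, dsn):
    """Exact name first, then the first generic profile in rule order (assumption)."""
    if dsn in rules:
        return dsn
    return next((prof for prof in rules if profile_matches(prof, dsn)), None)

def check_access(rules, groups, dsn, wanted):
    """Return 0 if any of the caller's groups holds at least `wanted`, else 200."""
    profile = select_profile(rules, dsn)
    if profile is None:
        return RC_SECURITY_VIOLATION  # assumption: undefined resources are denied
    permits = rules[profile]
    granted = max((ACCESS_LEVELS.index(permits[g]) for g in groups if g in permits),
                  default=0)
    return RC_OK if granted >= ACCESS_LEVELS.index(wanted) else RC_SECURITY_VIOLATION

# Constructed rule base: the first entry mirrors the RACF PERMIT on slide 19,
# the second (PAYCLERK) is hypothetical.
RULES = {
    "ADABAS.PROD.PAYROLL": {"DBAGROUP": "ALTER"},
    "ADABAS.D110.**": {"PAYCLERK": "READ"},
}

if __name__ == "__main__":
    for groups, dsn, wanted in [
        (["DBAGROUP"], "ADABAS.PROD.PAYROLL", "UPDATE"),
        (["PAYCLERK"], pseudo_dsn(110, 123), "READ"),
        (["PAYCLERK"], pseudo_dsn(110, 123), "UPDATE"),
    ]:
        print(groups, dsn, wanted, "->", check_access(RULES, groups, dsn, wanted))
```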

Slide 20: Operating Environment
- Supports MVS/ESA, MVS/XA, OS/390 (MVS), and OS/VS1
- Runs under any TP system which supports ADABAS and NATURAL
- Conforms to the site’s SSF dataset naming conventions
- Integrated with TRIM and N2O from Treehouse Software
- Supports calls originating from other platforms

Slide 21: Conclusion
- Comprehensive
- Powerful
- Flexible
- Efficient, minimal impact on performance or response times
- Promotes single security rule base
- Improves accountability

Slide 22: Conclusion (continued)
- Requires no changes to applications or data
- Reduces training costs
- Simplifies security administration and reporting
- Protects against accidental or intentional sabotage of data and programs
- Eliminates the need for separate security options/packages

