Presentation on theme: "1 SECURITRE An interface between the ADABAS/NATURAL environment and a System Security Facility (SSF), such as RACF, ACF2, or TOP SECRET SECURITRE is a."— Presentation transcript:
1 SECURITRE An interface between the ADABAS/NATURAL environment and a System Security Facility (SSF), such as RACF, ACF2, or TOP SECRET SECURITRE is a product of Treehouse Software, Inc. (TSI) All rights reserved. SECURITRE
2 SECURITRE What is SECURITRE? A security interface Comprehensive controls for: -ADABAS -NATURAL -Utilities -Internal Application Functions
3 SECURITRE Why SECURITRE? RACF, ACF2, and TOP SECRET (SSFs) do not secure ADABAS/NATURAL resources ADABAS password mechanism lacks accountability ADAESI does not secure NATURAL or Utilities NATURAL Security does not interface to the SSFs Security coded in applications can be costly and difficult to maintain “Orange Book” places higher trust in systems with single security rule base
4 SECURITRE Control without SECURITRE RACF, ACF2, or TOP SECRET Non-ADABAS data Non-NATURAL programs NATURAL Security System NATURAL NATURAL programs ADABAS Password Security ADABAS data ADABAS Utilities NATURAL Utilities Application Functions, Menus, etc.
5 SECURITRE Control with SECURITRE RACF, ACF2, or TOP SECRET with SECURITRE Non-ADABAS Data Non-NATURAL Programs ADABAS Data NATURAL NATURAL Programs ADABAS Utilities NATURAL Utilities Application Functions, Menus, etc.
6 SECURITRE SECURITRE Components SECURITRE for ADABAS SECURITRE for NATURAL NSS Conversion Facility SECURITRE for Utilities SECURITRE Real-time Monitor SECURITRE Internal Application Security
7 SECURITRE SECURITRE for ADABAS Implemented as a User-Exit-1 to the ADABAS nucleus Co-exists with other ADABAS User-Exits Security on these levels: Database File Level Field Level Unauthorized access returns Response Code 200 (ADABAS Security Violation) Includes intelligent table mechanism ADABAS utility tables for use by the newest releases of ADABAS (i.e., V6.x, V7.x and V8.x)
8 SECURITRE Overview of SECURITRE for ADABAS User RACF SECURITRE User-Exit-1/4 ADABAS Nucleus SYS1.PROCLIB ADABAS.PROD.PAYROLL NATURAL.LOGON.BENE1... Link Routine SVC ADABAS Data SECURITRE User-Exit-B/A SVC
9 SECURITRE Program Pathing Ensures that access comes not only from authorized users, but through authorized “routes” Limits access by combinations of: Filename MVS Jobname Node or SMFID of calling program NATURAL Library Program name (NATURAL or Non-NATURAL) FUSER DBID/FNR of calling program CICS Tranid and/or Termid ADABAS Command Code (e.g., S1)
10 SECURITRE SECURITRE for NATURAL Implemented as a set of exits to the NATURAL nucleus Security at these levels: NATURAL Session Initialization Library (Logon) Program (EDIT, SAVE, CAT, or STOW) Program Execution (RUN) DDM Access 8-Steplib support for NATURAL V2.2, V2.3 and higher
11 SECURITRE NATURAL Security Conversion Facility Implemented as a NATURAL application which reads the FSEC file Allows for a smooth transition from Software AG’s NATURAL Security System to SECURITRE for NATURAL Aids in building the necessary SSF rules based on site standards Aids in configuring SECURITRE for NATURAL
12 SECURITRE SECURITRE for ADABAS Utilities Implemented as a statically linked front-end to ADARUN module Controls, for each user, access by: ADABAS Utility ADABAS Utility Function DBID File
13 SECURITRE SECURITRE for NATURAL Utilities Implemented through User-Exits to the NATURAL nucleus Integrated with SECURITRE for NATURAL Controls access for each user by: NATURAL Utility NATURAL Library
14 SECURITRE SECURITRE Real-time Monitor Implemented as a standard NATURAL application which communicates with SECURITRE Access is controlled by SECURITRE Provides these important functions: Purges one or all users from internal tables Displays current SECURITRE parameter settings and table sizes Reloads parameters for SECURITRE for ADABAS Reloads SECURITRE User-Exits Activates/Deactivates SECURITRE Trace Facility Invokes the TRIM RTM
15 SECURITRE SECURITRE RTM Main Menu
12/31/99   S E C U R I T R E   V E R S I O N   3. 1. 0   CEW1
11:38:00   R E A L - T I M E   M O N I T O R   STRV310
Code  Function
----  ----------------------------------
A     Force one user from table (FRC1)
B     Force all users from table (FRCA)
C     Display SECURITRE parms (PARM)
D     Reload user exit(s) (REXT)
E     Reload SECURITRE parms (RPRM)
F     SECURITRE trace facility (TRAC)
G     Invoke the TRIM RTM (TRIM)
H     Display SECURITRE/NAT parms (NPRM)
I     Display current table sizes (TBLS)
.     Exit Real-time Monitor (STOP)
----  ----------------------------------
Code: _   DBID : 1000 TEST-DB
Direct Command: ____ MENU
Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10---PF11---PF12
HELP MENU EXIT
16 SECURITRE Display SECURITRE Parameters 12/31/99 PARM S E C U R I T R E CEW1 11:38:00 DISPLAY STRDEF PARAMETER STRV310 DBID : 202 TEST-DB File : 0 CLASS : DATASET PURINTT : 1 USERID : TRIMV5 CMDLOG : OFF PURINTV : 100 USERID2 : TRIMV5 DELIM :. QUALIFY : EDTST USERS : 10 DSNORDR: FILE CMD DBID RACHECK : RACHECK UTMODE : WARN JOB NPGM RTMORDR : FUNC DBID UTPREF : UTPREF PROCCL : OFF UTORDER : FILE UTIL EX1ALL : OFF PROCEX2 : OFF FLSDEL : DELETE SECURE : RACF FORCE : 18 STREX1 : FORMAT : NEW STREX2 : LOGVIOL: FIRST STREX3 : MODE : FAIL STRRTM : ADABAS.STR NOIDRED: ACCEPT TERM : S NOIDUPD: ACCEPT TRACE : ON N20PREF: CONTROL.N2O TRMRTM : ADABAS.TRM PREFIX : TSI.SECURTRE UEXIT1 Enter-PF1---PF2---PF3---PF4---PF5---PF6---PF7---PF8---PF9---PF10---PF11---PF12 HELP ---- MENU ---- ---- ---- ---- ---- ---- ---- ---- EXIT
17 SECURITRE Application Function Security Implemented as two subprograms: STRNAT for NATURAL applications STRASM for Non-NATURAL applications Used by sites to add special controls to applications Example: Limit items displayed on an application’s menus to those the user is authorized to execute Uses SECURITRE as a “Security Server” for applications Can replace existing security functions embedded in applications
18 SECURITRE Interface to SSF Uses SAF protocol (RACROUTE macro) Translates ADABAS/NATURAL entities into “pseudo dataset names”: ADABAS.D110.F123 ADABAS.PROD.PAYROLL NATURAL.LOGON.HRLIB NAT.PROD.EDIT.PAYLIB.PAYPGM ADABAS.UTIL.DBS.RESETDIB PAYAPP.FUNCTION.PRTCHECK Violations are logged by the SSF
19 SECURITRE Defining ADABAS Resources to the SSF ADABAS/NATURAL resources are defined just like any MVS dataset:
RACF: PERMIT 'ADABAS.PROD.PAYROLL' ID(DBAGROUP) ACCESS(ALTER)
ACF2: $KEY(ADABAS) PROD.PAYROLL UID(CHFSPPRG) R(A) W(A)
TOP SECRET: TSS PERMIT(DBAGROUP) DSN('ADABAS.PROD.PAYROLL') ACC(UPDATE)
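The name-to-rule check described on slides 18 and 19, as an added Python example that is not Treehouse code and not part of the presentation: entity qualifiers are joined into a pseudo dataset name and looked up in a rule base, with Response Code 200 returned on denial. The PAYCLERK and HRDEV groups, the helper names and the exact-match lookup are assumptions; generic profiles are not modeled.

```python
import re

# Simplified model for illustration; not SECURITRE, RACF, ACF2 or TOP SECRET code.
ACCESS_LEVELS = ["NONE", "EXECUTE", "READ", "UPDATE", "CONTROL", "ALTER"]  # RACF order
QUALIFIER = re.compile(r"[A-Z#@$][A-Z0-9#@$-]{0,7}")  # MVS dataset qualifier rules

# Rule base: (pseudo dataset name, group, access).
PERMITS = [
    ("ADABAS.PROD.PAYROLL", "DBAGROUP", "ALTER"),  # rule shown on the slide
    ("ADABAS.PROD.PAYROLL", "PAYCLERK", "READ"),   # constructed sample rule
    ("NATURAL.LOGON.HRLIB", "HRDEV", "READ"),      # constructed sample rule
]


def pseudo_dsn(*qualifiers):
    """Join entity qualifiers into a pseudo dataset name, enforcing MVS naming limits."""
    for q in qualifiers:
        if not QUALIFIER.fullmatch(q):
            raise ValueError(f"invalid qualifier: {q!r}")
    name = ".".join(qualifiers)
    if len(name) > 44:
        raise ValueError("dataset name longer than 44 characters")
    return name


def check(groups, dsn, needed):
    """Return (allowed, response_code); no matching rule means deny."""
    granted = "NONE"
    for profile, group, access in PERMITS:
        if profile == dsn and group in groups:
            granted = max(granted, access, key=ACCESS_LEVELS.index)
    allowed = ACCESS_LEVELS.index(granted) >= ACCESS_LEVELS.index(needed)
    # Response code 200 is the ADABAS security violation named in the presentation.
    return allowed, 0 if allowed else 200


if __name__ == "__main__":
    payroll = pseudo_dsn("ADABAS", "PROD", "PAYROLL")
    print(check({"DBAGROUP"}, payroll, "UPDATE"))   # permitted through ALTER
    print(check({"PAYCLERK"}, payroll, "UPDATE"))   # READ only, so denied
    print(check({"HRDEV"}, pseudo_dsn("ADABAS", "D110", "F123"), "READ"))  # no rule
```

A qualifier is limited to eight characters, which is why the prefix on the parameter display reads TSI.SECURTRE rather than the nine-character product name.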
20 SECURITRE Operating Environment Supports MVS/ESA, MVS/XA, OS/390 (MVS), and OS/VS1 Runs under any TP system which supports ADABAS and NATURAL Conforms to the site’s SSF dataset naming conventions Integrated with TRIM and N2O from Treehouse Software Supports calls originating from other platforms
21 SECURITRE Conclusion Comprehensive Powerful Flexible Efficient, minimal impact on performance or response times Promotes single security rule base Improves accountability
22 SECURITRE Conclusion (continued) Requires no changes to applications or data Reduces training costs Simplifies security administration and reporting Protects against accidental or intentional sabotage of data and programs Eliminates the need for separate security options/packages