£2,300.00

Price for this course

4 HOURS

Duration

Classroom IBM

Delivery

Available dates


Mon07Dec 20 TO Thu10Dec 20

Where

Tech Data
The Capitol Building, Oldbury
Bracknell
RG12 8FZ

Code

TR-647126
Mon07Dec 20 TO Thu10Dec 20

Where

Tech Data ILO UK
Connection details will be communicated separately
Instructor Led
Online

Code

TR-647127
Mon07Dec 20 TO Thu10Dec 20

Where

Tech Data
2nd Floor, Broadwall House, 21 Broadwall Street
London
SE1 9PL

Code

TR-647128
Mon22Feb 21 TO Thu25Feb 21

Where

Tech Data ILO UK
Connection details will be communicated separately
Instructor Led
Online

Code

TR-664590
Mon24May 21 TO Thu27May 21

Where

Tech Data ILO UK
Connection details will be communicated separately
Instructor Led
Online

Code

TR-664591

Overview

System z continues to extend the value of the mainframe by leveraging robust security solutions, to help meet the needs of today's on demand, service-oriented infrastructures. System z servers have implemented leading-edge technologies, such as high-performance cryptography, multi-level security, large-scale digital certificate authority and lifecycle management; as well as improved Secure Sockets Layer (SSL) performance, advanced Resource Access Control Facility (RACF) function, and z/OS Intrusion Detection Services. This advanced z/OS security course presents the evolution of the current z/OS security architecture. It explores in detail, the various technologies that are involved in z/OS Cryptographic Services, z/OS Resource Access Control Facility (RACF), and z/OS Integrated Security Services.

In the hands-on exercises, you begin with your own z/OS HTTP Server in a TCP/IP environment. Throughout the exercises, you make changes to the configuration to implement authentication by using RACF, SSL and the use of digital certificates. Use is made of facilities such as RACDCERT to manage digital certificates, PKI Services and RACF auto registration. You will also implement different scenarios to implement ssl security for a typical tcpip application; FTP: SSL, TLS, server authentication, client certificates and AT-TLS. These exercises reinforce the concepts and technologies being covered in the lectures.

Audience

This class is intended for z/OS system programmers and security specialists in charge of designing and implementing z/OS security for web-enabled applications.

Prerequisites

You should have:

  • General z/OS knowledge, including basic UNIX System Services skills
  • Experience configuring any of the web servers on z/OS
  • Basic knowledge of TCP/IP and RACF

Objective

  • Describe the components of network security, platform security, and transaction security on z/OS
  • Describe how RACF supports UNIX users and groups
  • Describe web server security flow on z/OS
  • Explain the contents and use of a digital certificate
  • Explain the difference between asymmetric and symmetric cryptographic techniques
  • Explain SSL V3 client authentication
  • Explain the basics of WebSphere Application Server and web services security
  • Utilize the RACDCERT command
  • Discuss the OCSF service providers
  • Explain VPN (IPSec), SSL/TSL, and AT-TLS and the differences between them
  • Discuss the z/OS Communication Server policy agent, IDS, and IP filtering
  • Describe and utilize System SSL
  • Explain how TN3270 and FTP SSL support works
  • Explain how IBM secure hardware cryptographic co-processors work
  • Explain how Kerberos authentication works
  • Explain the LDAP terms of DN, objectclass, attribute, schema, back end, and directory
  • Explain how to setup, customize, and operate z/OS PKI Services

Course Outline

Day 1

  • Welcome
  • Unit 1: Overview of z/OS security for on-demand business Unit 2: z/OS platform security: Part 1
  • Unit 3: z/OS platform security: Part 2
  • Unit 4: Introduction to digital certificates and PKI

Day 2

  • Unit 5: The SSL protocol
  • Unit 6: HTTP and Apache server, SSL client authentication and WebSphere Application Server security
  • Unit 7: RACF and digital certificates
  • Unit 8: Open Cryptographic Services Facility
  • Exercise 1: Controlling access using the httpd.config file Exercise 2: SSL protocol

Day 3

  • Exercise 2: SSL protocol (continued)
  • Unit 9: Introduction to z/OS Communications Server security features Unit 10: System SSL overview
  • Unit 11: TN3270 secure connection
  • Unit 12: FTP server and client secure connection
  • Unit 13: Cryptography overview: System z integrated cryptography

Day 4

  • Exercise 3: SSL client authentication and RACF auto registration
  • Unit 14: Network authentication services and Enterprise Identity Mapping Unit 15: LDAP Directory Services in z/OS and the Tivoli Director Server for z/OS
  • Unit 16: An introduction to OpenSSH for z/OS
  • Exercise 4: Securing FTP with SSL: FTPS, TLS, AT-TLS


FAQs

What do I need to bring with me to my public class?

All required learning materials and equipment are provided in the classroom.

 

 

 

 

When do public training course fees have to be paid?

For public training classes payment must be received no later than three business days prior to the first day of class in order to remain in the class and confirm your seat. Failure to provide payment by this date may result in removal from the class, and/or late cancellation fees applied. You can submit payment in the form of a Purchase Order or credit card.

 

 

 

 

On-site (private) Course Pricing:

To find out more about On-site training e-mail us at enablement@agilesolutions.co.uk or call one of our offices.

 

 

 

 

What is the cancellation policy?

Requests for cancellations or date transfers need to be received at least ten (10) business days prior to the event start date in order to receive a full refund. If a cancellation or reschedule request is received less than ten (10) business days before the start date, the penalty of 100% of the cost of the course will be applied, resulting in no amount of the fee being refunded. Refunds will not be allowed for “no-shows” in our public training or IVA courses. This cancellation policy is strictly enforced.

 

 

 

 

What happens if Agile Solutions needs to cancel or reschedule a course?

Agile Solutions reserves the right to cancel events for any reason at any time. Cancellation liability for Agile Solutions, if Agile Solutions cancels the course, is limited to the return of course payment ONLY. Agile Solutions will not reimburse registrants for any other costs including but not limited to any travel cancellation fees or penalties, including airfare and hotel costs. PLEASE NOTE: If your registration status is either “Approved”, or “Pending Payment” you have not been confirmed for the class and it is recommended that you do not make any travel arrangements until you have received a confirmation e-mail letting you know the class and registration is confirmed.

 

 

 

 

How will I know if my course has been rescheduled?

Agile Solutions reserves the right to reschedule or cancel a course due to low enrollment or if necessitated by other circumstances. Agile Solutions will contact you via e-mail or phone to inform you of the change of schedule. Once you have been notified you may reschedule or receive a full credit. Agile Solutions shall not be liable for any other costs including but not limited to any non-refundable travel arrangements if a course is rescheduled or cancelled.