World®’16
GapsinYourDefense:HackingtheMainframePhilipYoung- Co-Founder- ZedSec 390
MFT175S
MAINFRAMEANDWORKLOADAUTOMATION
2 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
©2016CA.Allrightsreserved.Alltrademarksreferencedhereinbelongtotheirrespectivecompanies.
Thecontentprovidedinthis CAWorld2016presentationisintendedforinformationalpurposesonlyanddoesnotformanytypeofwarranty. The informationprovidedbyaCApartnerand/orCAcustomerhasnotbeenreviewedforaccuracybyCA.
ForInformationalPurposesOnlyTermsofthisPresentation
3 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Abstract
Themainframeisthemission-essentialbackboneoftheenterprise,housingover70percentofcorporatedata,touchingmorethanhalfofallapplications,andconnectingtotheinternetandInternetofThings(IoT)throughAPIs.However,intheenterprisesecuritydiscussion,themainframeisoftenpresumedtobeinherentlysecure.Thissessionwilldiveintothecurrentstateofmainframeofmainframehacking,whyhackersaretakingalargerinterestintheplatform,adiscussionofcomplianceversussecurityandnextstepsonhowyoucanoptimizethesecurityofyourmostmission-essentialbusinessasset.
PhilipYoungZedSec 390Co-Founder
4 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Disclaimer
I’mnothereinthenameoforonbehalfofmyemployer.Allopinionsexpressedherearemyown.
PhilipYoungZedSec 390Co-Founder
5 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
6 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
7 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
8 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
9 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
10 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
11 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDLogica SecurityIncidentInvestigation:Bilaga_A.pdfSource:https://wikileaks.org/gottfrid-docs/
12 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLDCastleWallsUnderDigitalSiege:Risk-basedSecurityforz/OS– CAWorld‘15Source:https://www.youtube.com/watch?v=CySiZOaY2T0
13 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CommonMyths
IT’SNOTONTHEINTERNET
IT’SIMPENETRABLE
HACKERSDON’TKNOWABOUTITHACKERSDON’TKNOWABOUTIT
BUTWE’REAUDITEDALLOFTHETIME
14 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
The‘IMP’
§ Startedin2013
§ Tools:– MassScan– Nmap– Python– X3270– LinuxVPS
§ Databaseof400+mainframes
https://mainframesproject.tumblr.com/
InternetMainframesProject
15 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
16 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
17 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
18 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
19 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
ItDoesn’tMatter
20 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
EnterprisesareFlat
§ Manylargeenterprisesexperiencedabreachin2015
§ Flatnetworks
§ Nofirewallbetween“Corporate”networkandmainframe
21 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
HackingtheUnhackable
§ Fromthenetwork
§ Noknowledgeofthesystem
§ Steps– Gatherinformation– Profilethesystem– Launchattacks
Toolsreleased/updatedin2015/2016
22 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Nmap in2015/2016
•Anon?•SITE?•OSVersion?
• Information•VTAM?•CICS?•TSO?
•Version?•Nikto?•BURP?•Enumerate?• JavaObjects
23 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TN3270Screen
24 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
VTAMEnumeration
25 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
TSOUserEnumeration
26 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
27 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSTransactionEnumeration
28 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Removed
Removed
Removed
29 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn
30 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
31 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwn:TSOShell
32 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
FTPAuthorizedCodeExec
33 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
WhatCanIDo?
§ Complianceisliterallythestart
§ Justbecauseyou’recompliantdoesn’tmean:– Thecompliancerulesarewelldone– Representcurrentthreats– Matchcurrentbaselines
§ VulnerabilityScanning?
34 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GapAssessment
§ Compareyourrequirementstoastandard
§ Howdoyoucompareandcontrast?
§ Who’sexpertiseareyourelyingon?
35 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
GoBeyondCompliance
§ zAssure?
§ IdentifyingDataAssets?
§ LoggingandMonitoring?– zSecure– IronStream– Vanguard
§ PenetrationTesting?
36 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
CICSpwnhttps://github.com/ayoul3/cicspwn
Nmap Scriptshttps://github.com/zedsec390/NMAP
Metasploithttps://github.com/rapid7/metasploit-framework
Contact&ReferencesTwitter:@mainframed767E-Mail:[email protected]
37 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
Stayconnectedatcommunities.ca.com
Thankyou.
38 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MustSeeDemos
Real-TimeDataSecurity&Compliance
CADataContentDiscoveryMainframeTheatre
MainframeSecuritySmartBar
CATopSecretMainframeTheatre
Real-TimeDataSecurity&Compliance
CAComplianceEventManagerMainframeTheatre
MainframeSecuritySmartBar
CAACF2MainframeTheatre
39 ©2016CA.ALLRIGHTSRESERVED.@CAWORLD#CAWORLD
MainframeandWorkloadAutomation
FormoreinformationonMainframeandWorkloadAutomation,pleasevisit:http://cainc.to/9GQ2JI
Top Related