IBM Mainframe Forum

[bazzigar]

Hello,

Why mainframe is not hackable?

Thanks,

[Akatsukami]

Because skript kiddies are even more ignorant than usual when it comes to z/OS, MVS, etc.

[Ed Goodman]

Not sure why you think they aren't.

I think the biggest difference between legacy mainframe OSs and new OSs is that mainframe assumes nothing is your business unless you have explicit permission to see it. Whereas Windows assumes you have access unless it's been told to stop you.

I'd bet the early versions of the mainframe OSs were just as naive.

Also, the things that allow a lot of modern hacks are the result of exception handling that isn't well thought out. Those "buffer overruns" and things like that. These have been plugged for along time on legacy mainframe systems.

I don't know if the newer mainframe OSs are as safe as the legacy systems. Here I'm talking about the Linux/Unix environments.

[angrybeaver]

Every OS is hackable if configured wrong. Robert S Hansel has some obvious "bad security" points on his site you could read up on (ie; profiles with UACC ALTER)

In terms of remote buffer overflows I guess anything is possible but your average Linux (and moreso Windows) user would likely be COMPLETELY lost in a TSO environment assuming they could somehow get SPECIAL authority on a console. Something tells me most services would just abend versus granting godly authority.

zOS is not readily available to the masses. You can install Hercules with an ancient version of MVS but getting a similar setup to a big corporation to even begin to REALLY discover the possibilities is extremely unlikely unless somebody walked off with the install tapes. There might be a few kids at universities that work on the mainframes there and start to get a grasp on how security works and how it could be exploited. On the flip side EVERYBODY can get access to Linux/Windows boxes to learn how to find security flaws and exploit them then very easily enumerate the security setup of a business with all sorts of tools (ie; metasploit) which are readily available.

Another possibility could be sniffing unencrypted traffic to capture logins/passwords. I imagine most reputable companies would have converted to SSL for their 3270 sessions by now though.

Probably the easiest way would be to socially engineer a DBA or somebody with SYSTEM OPERATIONS or BLP capability to go sniffing around for data for you. Pretend you're an auditor or senior leader. Most folks will do anything for those types even if it defies all logic.

[steve-myers]

... I'd bet the early versions of the mainframe OSs were just as naive. ...

Absolutely. The PCP and MFT variants of OS/360 were a joke. It was not uncommon for common user programs to write over critical data and crash the system/or (in MFT) the partition where your job was running, which amounted to the same thing. I did it myself several times, but by accident, not intent. The MVT variant of OS/360 was better, but definitely hackable. There were no data security systems for any OS/360 system; anyone could read or write just about anything. The knowledge to do damage was usually lacking, but ...

MVS was designed from the beginning to be much better, though it took some time for effective data security systems to arrive. The original RACF was a joke, but even the earliest "ACF2" systems were quite good. I don't know how effective the early "Top Secret" or "Secure" systems were, but they had to be better than the original RACF.

CP67/CMS and early VM/370 systems were probably pretty hard to "hack," especially compared to PCP and MFT, but I never had direct experience with them.

[AndreasHardt]

Hello. I work for IBM and my task is security health check. That means I control RACF and the complete z/OS if the system safety. For this I have special IBM tools, we done peneration test a.s.o. Sure mainframe is very safe but not hackable ? I don't know but to say mainframe is not hackable is the same to say an airplane have never an accident. You will hope never but it's reality . Perhaps not hackable from outside but from inside. Round about 95% of all mainframe attack came from inside (that means people the work inside the company). The rest came from external workers.

[dick scherrer]

Hello Andreas and welcome to the forum,

Hopefully, you will find something(s) of interest or use here.