Re: Need Help with HIDS and z/OS

2017-07-16 Thread esst...@juno.com
Thanks to all who responded.

.
As a novice in this area, I have many questions.

What is the increase in CPU with any intrusion detection product?
.
When is intrusion detected?
Meaning in real time when the event happens, or is it logged/posted later on
some report?

-- Original Message --
From: Charles Mills <charl...@mcn.org>
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Need Help with HIDS and z/OS
Date: Sat, 15 Jul 2017 13:00:33 -0700

Wow. Sorry. Server must have been having a bad day. I just clicked on the
link that you re-posted and it works for me. I use Chrome, but I believe it
is tested with all the usual suspects. Can you try again?

Charles


-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Edward Gould
Sent: Saturday, July 15, 2017 10:31 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Need Help with HIDS and z/OS

> On Jul 14, 2017, at 7:37 PM, Charles Mills <charl...@mcn.org> wrote:
> 
> "log user actions and tie said actions back to that user via a unique 
> identifier"
> 
> That is not intrusion detection. Intrusion detection is a good thing, 
> but it is basically looking for outsiders trying to get in. (Loosely 
> speaking.) Not known users doing good and occasionally bad things.
> 
> 
> 
> https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/
> +
> https://correlog.com/software/download-czdash-rcpt.html
> 
> Does exactly what you describe

Charles,

I went to the url you supplied:
https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/

and got this:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable
to complete your request.

Please contact the server administrator at webmas...@correlog.com to inform
them of the time this error occurred, and the actions you performed just
before this error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying
to use an ErrorDocument to handle the request.


 


--
For IBM-MAIN subscribe / signoff / archive access instructions, send email
to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



Re: Need Help with HIDS and z/OS

2017-07-16 Thread esst...@juno.com
Charles Mills wrote
 
>"log user actions and tie said actions back to that user via a unique
>identifier"

>That is not intrusion detection. Intrusion detection is a good thing, but it
>is basically looking for outsiders trying to get in. (Loosely speaking.) Not
>known users doing good and occasionally bad things.
 

Do I understand this correctly:
Intrusion detection deals with outsiders trying to access a system?

Whereas logging user actions and coordinating a user's activity using a unique
identifier
validates in-house or business users' activities.

Do I understand the difference?


Paul D'Angelo
 

-- Original Message --
From: Charles Mills <charl...@mcn.org>
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Need Help with HIDS and z/OS
Date: Fri, 14 Jul 2017 17:37:03 -0700

"log user actions and tie said actions back to that user via a unique
identifier"

That is not intrusion detection. Intrusion detection is a good thing, but it
is basically looking for outsiders trying to get in. (Loosely speaking.) Not
known users doing good and occasionally bad things.



https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ 
+
https://correlog.com/software/download-czdash-rcpt.html 

Does exactly what you describe. In real time. With alerts for the bad things
to your cell phone or BMC Remedy, etc.

See it live in action with "Soldier of Fortran" Phil Young:
https://correlog.com/correlog-events/ (scroll down to the second section)



Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of esst...@juno.com
Sent: Friday, July 14, 2017 3:28 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Need Help with HIDS and z/OS

Hello,

I'm not a security person.
Need some help with HIDS and z/OS.
What is HIDS, you ask?
HIDS stands for Host Intrusion Detection System.
*
I'm researching an issue for a business unit.
I really know nothing about HIDS.

.
Their requirement:
What they are looking for here is essentially a tool that has the
functionality to log user actions and tie said actions back to that user via
a unique identifier.



Re: Need Help with HIDS and z/OS

2017-07-15 Thread Rob Schramm
There are a few companies that have SMF logger offload directly to
something like splunk for access logging as well as moving security logs
off platform.

User ID + system ID + date + time should work for being unique.

Smart comes to mind.. but I know there are others.

HTH

Rob Schramm



On Sat, Jul 15, 2017, 1:41 PM Edward Gould  wrote:

> > On Jul 14, 2017, at 7:37 PM, Charles Mills  wrote:
> >
> > "log user actions and tie said actions back to that user via a unique
> > identifier"
> >
> > That is not intrusion detection. Intrusion detection is a good thing, but it
> > is basically looking for outsiders trying to get in. (Loosely speaking.) Not
> > known users doing good and occasionally bad things.
> >
> > https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/
> > +
> > https://correlog.com/software/download-czdash-rcpt.html
> >
> > Does exactly what you describe
>
> Charles,
>
> I went to the url you supplied:
> https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/
>
> and got this:
>
> Internal Server Error
>
> The server encountered an internal error or misconfiguration and was
> unable to complete your request.
>
> Please contact the server administrator at webmas...@correlog.com to
> inform them of the time this error occurred, and the actions you performed
> just before this error.
>
> More information about this error may be available in the server error log.
>
> Additionally, a 500 Internal Server Error error was encountered while
> trying to use an ErrorDocument to handle the request.
>
-- 

Rob Schramm
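
The composite key suggested in the message above (user ID + system ID + date + time), as an added example that is not part of the original post: it builds that key over constructed access-log records, groups actions per user, and numbers records that share a key. The CSV column layout, field names and sample values are assumptions made for this example, not an SMF record format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample of offloaded access-log records. The column layout is an
# assumption for this example; it is not an SMF record format.
SAMPLE = """userid,sysid,timestamp,action,resource
user01,SYSA,2017-07-14T15:27:03.41,READ,PAYROLL.MASTER
USER01,SYSA,2017-07-14T15:27:03.41,UPDATE,PAYROLL.MASTER
USER01,SYSB,2017-07-14T15:27:03.41,READ,HR.REVIEWS
USER02,SYSA,2017-07-15T13:41:10.07,LOGON,-
"""

def load(text):
    return list(csv.DictReader(io.StringIO(text)))

def event_key(rec):
    """User ID + system ID + date + time as one canonical string."""
    ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f")
    user, sysid = rec["userid"].strip().upper(), rec["sysid"].strip().upper()
    return f"{user}|{sysid}|{ts.isoformat(timespec='milliseconds')}"

def index_events(records):
    """Return (actions per user, keys shared by more than one record)."""
    by_key, per_user = defaultdict(list), defaultdict(list)
    for rec in records:
        key = event_key(rec)
        by_key[key].append(rec)
        per_user[key.split("|")[0]].append((key, rec["action"], rec["resource"]))
    shared = {k: v for k, v in by_key.items() if len(v) > 1}
    return dict(per_user), shared

def unique_ids(records):
    """Add a per-key sequence number so every record gets its own identifier."""
    seen, ids = defaultdict(int), []
    for rec in records:
        key = event_key(rec)
        seen[key] += 1
        ids.append(f"{key}|{seen[key]:04d}")
    return ids

if __name__ == "__main__":
    records = load(SAMPLE)
    per_user, shared = index_events(records)
    for user, actions in per_user.items():
        print(user, actions)
    print("non-unique keys:", list(shared))
    print(unique_ids(records))
```
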



Re: Need Help with HIDS and z/OS

2017-07-15 Thread Edward Gould
> On Jul 14, 2017, at 7:37 PM, Charles Mills  wrote:
> 
> "log user actions and tie said actions back to that user via a unique
> identifier"
> 
> That is not intrusion detection. Intrusion detection is a good thing, but it
> is basically looking for outsiders trying to get in. (Loosely speaking.) Not
> known users doing good and occasionally bad things.
> 
> 
> 
> https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/
> +
> https://correlog.com/software/download-czdash-rcpt.html
>
> Does exactly what you describe

Charles,

I went to the url you supplied:
https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/

and got this:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to 
complete your request.

Please contact the server administrator at webmas...@correlog.com to inform 
them of the time this error occurred, and the actions you performed just before 
this error.

More information about this error may be available in the server error log.

Additionally, a 500 Internal Server Error error was encountered while trying to 
use an ErrorDocument to handle the request.


 




Re: Need Help with HIDS and z/OS

2017-07-14 Thread Charles Mills
"log user actions and tie said actions back to that user via a unique
identifier"

That is not intrusion detection. Intrusion detection is a good thing, but it
is basically looking for outsiders trying to get in. (Loosely speaking.) Not
known users doing good and occasionally bad things.



https://correlog.com/mainframe-security-solutions/sas-correlog-mainframe/ 
+
https://correlog.com/software/download-czdash-rcpt.html 

Does exactly what you describe. In real time. With alerts for the bad things
to your cell phone or BMC Remedy, etc.

See it live in action with "Soldier of Fortran" Phil Young:
https://correlog.com/correlog-events/ (scroll down to the second section)



Charles

-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of esst...@juno.com
Sent: Friday, July 14, 2017 3:28 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Need Help with HIDS and z/OS

Hello,

I'm not a security person.
Need some help with HIDS and z/OS.
What is HIDS, you ask?
HIDS stands for Host Intrusion Detection System.
*
I'm researching an issue for a business unit.
I really know nothing about HIDS.

.
Their requirement:
What they are looking for here is essentially a tool that has the
functionality to log user actions and tie said actions back to that user via
a unique identifier.



Re: Need Help with HIDS and z/OS

2017-07-14 Thread a. hassan bey
Take a look at
https://www.go2vanguard.com/mainframe-security-software/audit-compliance/enforcer/

On Jul 14, 2017 6:29 PM, "esst...@juno.com"  wrote:

>
> Hello,
>
>
> I'm not a security person.
> Need some help with HIDS and z/OS.
> What is HIDS, you ask?
> HIDS stands for Host Intrusion Detection System.
> *
> I'm researching an issue for a business unit.
> I really know nothing about HIDS.
>
> .
> Their requirement:
> What they are looking for here is essentially a tool that has the
> functionality to log user
> actions and tie said actions back to that user via a unique identifier.
> .
> .
> That's all the information I was given.
> .
> .
> I'm being told that HIDS would handle the above requirements.
> Does anyone have any experience with Host Intrusion Detection System on
> z/OS?
> .
> I located an IBM product called z/OS IDS via Google.
> http://www.ibmsystemsmag.com/mainframe/administrator/networks/Mainframe-Intrusion-Detection-Services---Intruders/
> .
> .
> Has anyone installed or worked with z/OS IDS?
> Will it do what my client is asking?
> .
> Are there any other mainframe HIDS vendors/products for z/OS?
> .
> .
> Thanks In Advance
> Paul D'Angelo
> .
> ..


Re: Need Help with HIDS and z/OS

2017-07-14 Thread Lizette Koehler
You might try asking on the RACF list.  They may be more aware of these types 
of products.

To join RACF-L, send a subscription request email to its list service 
(LISTSERV). Address the request to lists...@listserv.uga.edu. The request is a 
single line of text entered in both the subject and body of the message. It 
should read:
subscribe racf-l your name

Lizette


-Original Message-
>From: "esst...@juno.com" 
>Sent: Jul 14, 2017 3:27 PM
>To: IBM-MAIN@LISTSERV.UA.EDU
>Subject: Need Help with HIDS and z/OS
>
>
>Hello,
>
>
>I'm not a security person.
>Need some help with HIDS and z/OS.
>What is HIDS, you ask?
>HIDS stands for Host Intrusion Detection System.
>*
>I'm researching an issue for a business unit.
>I really know nothing about HIDS.
>
>.
>Their requirement:
>What they are looking for here is essentially a tool that has the
>functionality to log user
>actions and tie said actions back to that user via a unique identifier.
>.
>.
>That's all the information I was given.
>.
>.
>I'm being told that HIDS would handle the above requirements.
>Does anyone have any experience with Host Intrusion Detection System on z/OS?
>.
>I located an IBM product called z/OS IDS via Google.
>http://www.ibmsystemsmag.com/mainframe/administrator/networks/Mainframe-Intrusion-Detection-Services---Intruders/
>.
>.
>Has anyone installed or worked with z/OS IDS?
>Will it do what my client is asking?
>.
>Are there any other mainframe HIDS vendors/products for z/OS?
>.
>.
>Thanks In Advance
>Paul D'Angelo
>.
>..
