RE: z/OS, OS/390 Pen testing tips/ideas/papers?

["Steven Lane" <steve.lane () alphacourt com>]

Nick,

I am focusing on IBM WebSphere MQ security at the moment.  One of the  most
common platforms that this runs on is OS/390 or z/OS.  Since WMQ can be
compromised if the OS is compromised, I am interested in any penetration
test methods or weaknesses that exist in 'big box' security. I would like to
put together an attack tree for z/OS or OS/390 and understand the
vulnerabilities of these systems. I would appreciate it for would forward
anything you find to me or any really good URLs.

Kind Regards

Steve

------------------------------
Steven Lane
Information Security Consultant

Alphacourt Limited
Email: steve.lane () alphacourt com
www: http://www.alphacourt.com
-------------------------------


-----Original Message-----
From: visigoth [mailto:visigoth () securitycentric com]
Sent: 30 January 2003 03:09
To: Nick Jacobsen
Cc: pen-test () securityfocus com
Subject: Re: z/OS, OS/390 Pen testing tips/ideas/papers?


On Tue, Jan 28, 2003 at 05:24:22AM -0800, Nick Jacobsen wrote:
> Hi all,
>     One of my clients has an IBM OS/390 running on one of their networks I
> am doing some security testing on, and considering I really have not dealt
> with any IBM mainframes before when it comes to security, I was hoping
that
> some of you might be able to point me the right direction.  Anything would
> be helpful, but especially from a penetration viewpoint.




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/