As complex and exceptionally powerful systems, mainframes significantly exceed the capacities of a typical PC or server. Particularly in industries where very large volumes of data regularly have to be processed in a short time, such as finance and insurance, but also airlines or retail, mainframes are still used intensively despite the growing popularity of alternative client-server technologies.
Are mainframes as secure as their reputation?
Mainframes are generally regarded as a robust and very secure IT infrastructure that is particularly well protected against hacker attacks and failures. However, security-relevant vulnerabilities can also exist in mainframes at the operating system and application level.
Vulnerabilities often arise from negligent or incorrect configuration of the mainframe or from errors in the software development of individual applications running on the mainframe.
Vulnerabilities within the mainframe architecture allow attackers to gain unauthorized access to system resources and confidential corporate data on a large scale. The centralized data processing of a mainframe creates a particularly large potential prey for hackers and a correspondingly high potential damage for the affected company.
Common vulnerabilities at a glance
We regularly identify these vulnerabilities on mainframes:
- Users have privileged system rights and can thus gain unauthorized access to services and confidential data processed there and steal it.
- Privilege escalation attacks can be carried out via accessible operating system libraries, thereby extending user rights to full administrator rights without permission.
- Standard passwords are not changed or only very weak passwords are used. Modern password specifications, such as those issued by NIST, are not implemented on mainframe systems and enable brute force attacks, for example.
- Incorrect configurations of databases, for example, allow sensitive company data to be downloaded or modified.
In many cases, criminal attackers on mainframes are insiders, such as former or current employees who exploit their knowledge of the systems’ complex architecture and configuration. However, there are also opportunities for hackers without insider knowledge to carry out successful attacks on mainframes via the network.
The need for security audits is increasing
Regulatory requirements from BaFin, applicable laws such as KRITIS, requirements from industry standards such as PCI DSS or data security standards such as ISO 27001, special requirements from clients, or the company’s own security requirements and specifications from its own risk management – there are many reasons for companies to check the security level of mainframes used and applications running on them.
Stephan Neumann, Head of usd HeroLab, observes a trend towards growing awareness of the security of mainframes: “Particularly due to new regulatory requirements, for example from BAIT or KAIT, we are increasingly receiving requests for technical security checks of mainframes. Our clients are increasingly questioning the security of mainframes, which were previously often considered infallible. We welcome this development – after all, we regularly identify critical security vulnerabilities in mainframes and can thus help our clients with recommendations for greater security.”
Increased risk due to shortage of experts
Finding mainframe security experts is a real challenge today due to the widespread adoption of newer technologies. As a result, in many cases, mainframes are simply passed over during security audits due to a lack of suitable personnel or specialized security service providers. This creates an enormous risk to a company’s most critical IT infrastructures.
“We at usd HeroLab are pleased to be able to assist companies that have recognized the need for security audits of their mainframes and are looking for help. Here, we complement our long-standing expertise in finding technical vulnerabilities with expert know-how in the mainframe environment via collaboration with an experienced mainframe security expert,” comments Stephan Neumann.
More security through combined expertise
In addition to a penetration test (pentest), essential components of a mainframe security audit include a comprehensive audit of the configuration of the operating system and its (security) components, as well as a code review of the individual applications running on the mainframe.
“Even a well-planned design of the infrastructure does not prevent the technical implementation from containing vulnerabilities,” says Holger Ahrend, Mainframe Security Specialist and Partner at usd AG. “These vulnerabilities can only be reliably uncovered through penetration tests and security audits, which use a great deal of knowledge and experience to look for faulty configurations and weaknesses in system operation and programming.”
How we help
In order to provide the broad spectrum of necessary security analyses at the highest level, we combine expert knowledge in mainframe configuration with years of experience in security analyses and penetration tests.
Our comprehensive technical security analysis of your mainframe takes place in three phases: First, we agree on the scope with you and make necessary preparations. This is followed by an audit of the mainframe at operating system level. Here, for example, the extension of user rights through the exploitation of Authorized Program Facility (APF) libraries is checked and a review of privileged users (e.g. SPECIAL, NON-CNCL, UID(0)) and critical datasets is carried out. Subsequently, individual applications running on the mainframe are checked, for example, for their application behavior with modified input values and identification and exploitation of unsecured administration interfaces. We document the results in a detailed report including recommended measures and discuss them with your responsible contact persons.