T 2.99 Inadequate or incorrect configuration of the zSeries system environment

The resources provided by the zSeries architecture permit the operation of several production and test systems on a single physical computer. This configuration results in a high threat potential, because the incorrect definition of the boundaries of the zSeries system environments can permit unintentional access to other resources under certain circumstances.

• When using LPAR, it is possible to configure the disks for a z/OS operating system in such a manner that they can be used by all z/OS systems of the computer (by configuring appropriate sub-channel addresses using the host configuration definition process). Associated with this configuration is the risk that the separation of data between the LPARs is no longer ensured.
• It is possible to place disks for a logical partition, LPAR1, online on another logical partition, LPAR2. The data on the new disk are then available on LPAR2 and can be processed as per the RACF definitions of this LPAR2. If the RACF definitions of LPAR2 are less strict than the definitions of LPAR1, unauthorised tampering or reading of the data may be possible under certain circumstances.

Improper separation of test and production

Security problems can also be produced by the improper separation of test and production environments. If test and production are operated on different LPARs (different zSeries systems would be even better), it is easier to define the boundaries. The operation of test and production on the same LPAR is, in principle, possible (here threat T 3.70 Insufficient z/OS system file protection must always be taken into account); however, the separation is considerably more difficult in this case. If the boundaries between environments are not defined correctly, it is possible for test data to be included in production or for production data to be used for testing. Both involve a high threat potential.

• An outsourcing service provider operated the applications for two competing companies in the automobile industry on the same z/OS system in his computer centre. Due to an insecure configuration, it was possible for customer B to take the disks for customer A online. Customer B used this configuration to obtain competitive advantages over customer A by accessing the data.