Mainframe computers have been around for over 50 years and remain a critical part of many businesses’ IT infrastructure. However, there are many myths about mainframe security that need to be debunked. In this blog post, we will review some common myths about mainframe security, from thinking they are impossible to hack and isolated from the rest of the world to believing they don’t need penetration testing to be secure.
Mainframes are impossible to hack
Mainframes are high-performance computers that process billions of simple calculations and transactions in real-time, being critical to the following:
- Commercial databases
- Transaction servers
- Applications requiring resiliency, security, and agility
Although mainframes are secure because their simplified architecture lacks vulnerable endpoints, they are not impossible to hack. Mainframes are often the target of sophisticated cyberattacks due to the valuable data they process and store. Several banks, which make up a great percentage of mainframe users, have been attacked in recent years.
- In 2016, the Bangladesh central bank was hacked and $81 million was stolen from its account at the Federal Reserve Bank of New York. Its main systems were known to be mainframes.
- In 2014, JPMorgan Chase & Co.’s mainframe systems were breached by hackers who stole the personal information of more than 76 million households and seven million small businesses.
These examples show that mainframes are not impenetrable to cyberattacks, despite their reputation for being highly secure. Mainframes need to be constantly monitored and updated with the latest security patches to reduce the risk of a breach.
Mainframes are isolated from the rest of the world
Mainframes are just as connected to the Internet as any other computer, as their applications need to be accessible to users worldwide. Mainframes can be physically isolated from the rest of a network by being placed in a data center, but their modern use cases require them to be constantly online.
Mainframe users need to be able to access mainframe applications and data from their desktop computers, laptops, or mobile devices. This level of accessibility makes mainframes a target for attack just like other types of modern systems.
There’s a general perception that mainframe computers are using old technology, isolating them from newer technologies and the Internet. However, mainframes have constantly evolved since their creation and are more connected than ever to the rest of the world. As IBM sums it up, “The Internet itself is based largely on numerous, interconnected mainframe computers serving as major hubs and routers.”
Mainframes don’t need penetration testing to be secure
Mainframe security is often thought to be impenetrable, so penetration testing is seen as unnecessary. However, mainframes need to be tested for vulnerabilities just like any other type of computer system.
Penetration testing can help mainframe users identify security weaknesses and take steps to mitigate them. By simulating an attack on a mainframe system, penetration testers can assess the risks and potential impact of a successful cyberattack.
Mainframe manufacturers, such as IBM, state that each mainframe user bears the responsibility for identifying and mitigating their mainframe system’s security weaknesses, both at the software and hardware level. That’s where the highly-specialized skills required for performing effective penetration testing come in handy.
Mainframe penetration testing is an assessment allowing you to test out the security of the following mainframe components:
Library access
The mainframe’s library access is used to read and write mainframe data. Attackers can target this component to gain access to mainframe data, then exfiltrate it or manipulate it for their own purposes.
Passwords
The mainframe’s passwords are used to authenticate users and provide them access to mainframe data. As with any other type of technology, passwords often form the weakest link in a system’s security due to weak password policies or detailed user error messages.
JES2/JES3 command authority and datasets
The mainframe’s JES2/JES3 command authority and datasets are used to manage mainframe jobs and data, and also to provide access to mainframe applications. Attackers can target this component as an entry point as JES commands users often have privileged mainframe access.
MVS subsystems
The mainframe’s MVS subsystems ensure the mainframe’s availability and provide access to mainframe data. MVS subsystems can form an attractive target for attackers because their users often have privileged access, which makes this component a target for a privilege escalation attack.
SVC routines
The mainframe’s SVC routines allow users to access mainframe services, such as printing or file transfer. Attackers can target this component to gain access to mainframe data or mainframe services, namely through SVC dump routines.
User privileges
The mainframe’s user privileges are used to grant mainframe users access to mainframe data and mainframe services. Attackers can target this component to gain access to mainframe data or mainframe services, such as through a privilege escalation attack.
Wrapping up
In the 1990s, the creation of less powerful computers using the client/server model brought mainframe computers to expand their capabilities through Web-serving, autonomics, disaster recovery, and grid computing. But, as they continued to act as central hubs in the largest distributed networks, including the Internet, their security also became a top concern.
Many of the main cyber risks threatening organizations include vulnerabilities attackers typically exploit in mainframe systems, namely through phishing, ransomware, malware, or credential stuffing attacks. When mainframes are left unprotected, attackers can easily exploit vulnerabilities to gain access to mainframe data or mainframe services.
Contact us if you need help improving your mainframe security.
