Top 3 Vulnerabilities in Mainframe Pentests

12 March 2025

During their penetration tests (pentests), our security analysts at usd HeroLab repeatedly uncover vulnerabilities that pose significant risks to corporate security. They increasingly encounter the same vulnerabilities. Our blog series "Top 3 Vulnerabilities" presents them and provides tips on how to avoid them - for #moresecurity across all IT assets.

Today we look at the three most common security-critical vulnerabilities that our analysts have identified in pentests of mainframes in recent years.

Why Mainframe Pentests?

Mainframes are highly complex and extraordinarily powerful systems that far exceed the capacity of typical PCs or servers. They remain widely used in industries that process vast amounts of data in short periods, despite the growing popularity of alternative client-server technologies. However, as newer technologies become more prevalent, it has become increasingly difficult to find security experts specialized in mainframes. As a result, these systems are often overlooked in security assessments due to a lack of qualified personnel.

Even though mainframes have a reputation for being particularly secure IT infrastructures, they can still be affected by security vulnerabilities - both at the operating system and application levels. These weaknesses often stem from careless or incorrect system configurations or from errors in the development of custom software applications. As a result, organizations face substantial risks to their most critical IT infrastructures.

In our mainframe pentests, we combine deep expertise in mainframe configurations with years of experience in security analysis and penetration testing. This enables us to help our clients identify security issues and implement appropriate countermeasures. In this article, we present the three vulnerabilities we have most frequently encountered in recent years.

Top 1: Misconfigured RACF Permissions

RACF (Resource Access Control Facility) is the central authorization system used in IBM z/OS environments. Nearly all data, programs, and other resources on a mainframe are protected through RACF structures. This means that a misconfiguration in RACF can create a critical security risk. One example would be a default user for an enterprise resource planning (ERP) application who is able to bypass restrictions and gain unauthorized access to additional data.

Security tip: Establish a role- and rights-based access control model with straightforward, profile-based permission structures in RACF.
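As an added illustration (not part of the original article and not a configuration from any client engagement), the following RACF commands show the weak pattern described above next to a profile-based correction. The data set qualifier PROD.ERP.DATA.**, the groups ERPUSERS and ERPADMIN and the default user ID ERPDFLT are constructed names. The /* ... */ lines are explanatory comments in the style of a REXX exec, not part of the command input.

```tso
/* Weak: a universal access of READ lets every RACF-defined user, including  */
/* the ERP application's default user, read all production data covered by   */
/* the profile. PERMIT with ID(*) has the same effect through the access list.*/
ADDSD 'PROD.ERP.DATA.**' UACC(READ)
PERMIT 'PROD.ERP.DATA.**' CLASS(DATASET) ID(*) ACCESS(READ)

/* Hardened: no universal access, failed reads audited, access granted to    */
/* groups that mirror business roles rather than to individual user IDs.     */
ALTDSD 'PROD.ERP.DATA.**' UACC(NONE) AUDIT(FAILURES(READ))
PERMIT 'PROD.ERP.DATA.**' CLASS(DATASET) ID(*) DELETE
PERMIT 'PROD.ERP.DATA.**' CLASS(DATASET) ID(ERPUSERS) ACCESS(READ)
PERMIT 'PROD.ERP.DATA.**' CLASS(DATASET) ID(ERPADMIN) ACCESS(UPDATE)
/* Remove any direct entry for the technical default user; it should only    */
/* inherit the access of the group it belongs to.                            */
PERMIT 'PROD.ERP.DATA.**' CLASS(DATASET) ID(ERPDFLT) DELETE
/* Make the changed generic profile effective for in-storage checks.         */
SETROPTS GENERIC(DATASET) REFRESH
/* Data sets without any profile must not be accessible by default.          */
SETROPTS PROTECTALL(FAILURES)

/* Check: display the profile with its universal access and access list.     */
LISTDSD DATASET('PROD.ERP.DATA.**') AUTHUSER
```

The check at the end is what an auditor looks at: UACC should read NONE, the access list should contain only groups, and no single technical user ID should appear with more access than its role requires.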

Top 2: Coding Errors in Transaction-Based Applications

Mainframes traditionally handle many background processes, known as batch jobs. However, they also run transaction-based programs that allow interactive user input. Examples include applications for credit processing or customer data management. Just like modern web applications, these programs can contain vulnerabilities such as improper access control, logical flaws, or even injection vulnerabilities. A dedicated application pentest can help uncover these attack vectors.

Security tip: Always handle user input carefully in mainframe applications and validate all inputs before processing them.

Top 3: Weak Security Configurations

Although mainframes use different terminology - typically referred to as parameterization rather than configuration - this does not change the fact that security weaknesses can arise from improper system settings. Common issues include weak password policies, flaws in encryption mechanisms, or insecure file exchange with other systems. A security audit can help identify misconfigurations and mitigate risks.

Security tip: There are established hardening guidelines for z/OS and IBM iSeries, such as those from the Center for Internet Security (CIS). Following these guidelines can help prevent many vulnerabilities from the outset.
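As a second added illustration (again not from the original article, and the numeric values are constructed examples rather than values taken from any specific hardening guideline), the RACF system options below contrast a weak password parameterization with a stricter one. Each SETROPTS call only changes the suboptions it names, so the settings are given as separate commands to avoid TSO line continuation.

```tso
/* Weak: legacy DES password hashing, no history, long change interval,      */
/* no lockout after failed logons and no composition rules.                  */
SETROPTS PASSWORD(NOALGORITHM NOHISTORY NOMIXEDCASE NOSPECIALCHARS)
SETROPTS PASSWORD(INTERVAL(254) NOREVOKE NORULES)

/* Hardened: KDFAES hashing, mixed case and special characters allowed,      */
/* password history, shorter interval, lockout after repeated failures.      */
SETROPTS PASSWORD(ALGORITHM(KDFAES) MIXEDCASE SPECIALCHARS)
SETROPTS PASSWORD(HISTORY(24) INTERVAL(90) MINCHANGE(1) WARNING(10))
SETROPTS PASSWORD(REVOKE(5))
/* Minimum length 8 with any mix of characters in every position.            */
SETROPTS PASSWORD(RULE1(LENGTH(8) MIXEDALL(1:8)))
/* Revoke user IDs that have not logged on for 60 days.                      */
SETROPTS INACTIVE(60)

/* Check: list the active system options, including the PASSWORD section.    */
SETROPTS LIST
```

Comparing the SETROPTS LIST output against the chosen baseline is the simplest form of the security audit mentioned above; the same review should cover the other option groups the guideline addresses, not only passwords.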

Let's Wrap It Up

Vulnerabilities within mainframe architecture can allow attackers to gain unauthorized access to system resources and large volumes of sensitive corporate data. Due to the centralized nature of mainframe data processing, such breaches can have devastating consequences for organizations. At the same time, there is a severe shortage of skilled professionals or specialized security service providers who can effectively identify and address these vulnerabilities.

Our Mainframe Pentests are specifically designed to uncover and mitigate the vulnerabilities discussed in this article, among others. They provide the expertise and proactive measures needed to enhance security and resilience against evolving cyber threats. Get in touch with us - we're happy to help.


To provide the highest level of security analysis for mainframes, we combine our deep expertise in mainframe configuration with our extensive experience in security analysis and penetration testing. For years, we have successfully collaborated with our partner Holger Ahrend, a specialist in mainframe security, to ensure the best results.

Even a well-planned design of the infrastructure does not prevent the technical implementation from containing vulnerabilities. These vulnerabilities can only be reliably uncovered through penetration tests and security audits, which require a great deal of knowledge and experience to look for faulty configurations and weaknesses in system operation and programming.

Holger Ahrend
