Cutting Through The Mystique Of Testing The Mainframe
Mainframes are not enterprise dinosaurs; they're modern systems running mission critical data that must be scrutinized as much as any other part of the IT infrastructure
BLACK HAT USA – Las Vegas – While most IT security teams tend to lump mainframe systems into the category of legacy systems unnecessary or impossible to scrutinize during regular audits, that couldn't be farther from the truth, says a researcher at Black Hat USA who this week released a number of free tools meant to help bridge the understanding gap between mainframe experts and security professionals.
"I see them described as legacy all the time: 'Oh, we don't need to implement this policy because it's a legacy system.' Calling a mainframe legacy is like calling Windows 2012 Server legacy because parts of the Window NT kernel are still in the code. Or it's like calling my car legacy because it's still got tires," said Philip "Soldier of Fortran" Young, explaining that most enterprise mainframes today run off the IBM z/OS platform. "It's not an old operating system—it's got all the same security controls you'd expect from other modern operating systems."
Additionally, security folks shouldn't fall for the common misconception that mainframes are somehow slowly going the way of the dodo. In fact, Young mentioned the fact that they're still going strong and that 70 percent of Fortune 500 companies run mainframes.
Post a comment to the original version of this story on Dark Reading