IBM Mainframes’ Vulnerability to Attacks
IBM Mainframes' Vulnerability to Attacks
At the 2006 DefCon hacker conference in USA, a UK-based penetration tester
and security researcher, Martyn Ruks expressed that IBM mainframes that
record and process innumerable transactions every day are also susceptible
to attacks. This raises concerns, as large chunks of the data involved in
these transactions will be at great risk.
Some of IBM mainframes run SNA (Systems Network Architecture) protocol.
This networking protocol from IBM was designed more than thirty years
before and is currently in use by IBM mainframes as well as 'iSeries
(AS/400)' computers. Ruks demonstrated a methodology for attacking these
Systems Networking Architecture is one of the most favored network
architecture model built by IBM. Although SNA is a longtime legacy it is
The SNA is a graded network that comprises of a group of machines called
'nodes'. Nodes are end points or vital crossings that are connected with
'data links'. These Data Links include very fast local channels.
In a data-gathering phase of an intrusion, a user's query to a 'Data Link
Switching' (DLS) based router is possible through a program written in
Python (a programming language). The script also allows for information
collection pertaining to MAC address, NetBIOS name, router version and
other useful information that forms a part of "footprinting".
Similar to any online attacks, routers if left unpatched or networks are
left unprotected; they can become victims of many traditional attacks.
Many organizations fail to give due importance to security of systems.
Users possessing even slight knowledge of SNA do not care to patch their
routers. This is dangerous for it could become a source of attack on the
network. Although there is not enough literature on this subject the
hackers are well versed with the various facets of the SNA infrastructure
and thus are able to exploit its loopholes.
SNA network systems are largely used by big corporations in spite of them
being traditional. They are used to support high-value applications for
important data. The grouping of SNA along with more recent systems such as
TCP/IP bares mainframes to attacks.
Operating systems can be hardened from attacks by a proper configuration
and maintenance of network along with network administrators employing
Related article: IBM Provides Patches for its Domino & Notes Vulnerabilities
» SPAMfighter News - 9/6/2006