Automated IBM Mainframe Security and Systems Audit

AuditStar by MASE Technologies automates the process of auditing the IBM mainframe. It checks to see if the correct technical settings, file and resource protection, security system settings and system parameters are in place.

Security specialists and auditors possess the knowledge and skills to keep information secure. Most companies have corporate policies and standards based on their recommendations. AuditStar brings these practices to light and gives those responsible a security benchmark tool that evaluates and improves the overall security process. Security benchmarks are meant to be customized to serve as an organization's security standard. The benchmark defines and specifies security requirements at an operational level. AuditStar does not supplant other tools, but assures that policies are clear and there is no doubt about what needs to be done. In this way, AuditStar codifies and guides the entire security process.

Security for the IBM Mainframe has not been subjected to analysis by these standards agencies. To address this problem, we gathered experts from Ford, PacBell, Bank One, SunTrust Banks, and Coopers & Lybrand and published a scorecard for IBM/MVS in 1992. This baseline has been validated, refined and improved with use and is the core of the AuditStar software.

When using AuditStar, you are using the collective wisdom of security auditors and technical specialists to assure that your systems are set up to be secure. The software produces a scorecard that evaluates the degree to which your systems comply with your organization's own security policies and accepted security standards. All the supporting data are also available. A complete and detailed self-audit can be performed as often as required, vastly improving system controls, security and accountability.

AJAX Tools for Oracle Driven Websites

MASE Technologies Web based Software is written in AJAX using PHP, OCI, and JSON as the primary technologies. We have created a unique web user interface that provides a windows-like experience. Here are the key features:

1. AJAX/PHP Design
1. Security – Database Keys stored only in PHP and Database. Long pseudo-keys are generated (100 characters with 64 possibilities per character) to identify web session and window components.
2. Messaging – Once initial page load takes place, messages are passed between client and web server. These messages are much smaller than loading a unique page each time a request is made.
3. Serialization – PHP objects are serialized to database after each request from client and can be accessed again on subsequent calls. This allows state to be preserved.
4. No hard coded queries stored in PHP.
5. Virtual Private Database – All queries sent to database kernel can have where conditions dynamically added to them to assure security. For example, a user can issue ‘select * from table_x’. Oracle will convert this to ‘select * from table_x where mase_user_key = <key> and mase_premise_key = <key>’ without any user intervention.

2. National Language Support
1. All text displayed in the browser has been wrapped with gettext(). Each user can set their language setting.
2. Data within tables is also translated when required.