Detecting Trojan Horses

Trojan horses are difficult to detect when they are embedded in application software or utilities, so you must rely on good administrative procedures to prevent their introduction in the first place. Be wary of public domain software, free utilities, and software brought in by temporary contractors, consultants, or new employees. Review TSO user data sets, and review the System Management Facility (SMF) log on a regular basis to check for updates to critical data sets that have no corresponding change‑control authorization. Use the CA Auditor SMF Analysis displays to analyze SMF. Use the CA Auditor SMP Analysis Functions to monitor load library changes and determine whether proper change‑control procedures were followed.
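As an added example (not part of the CA Auditor documentation), the following Python script shows the kind of cross-check the SMF review above performs: each update to a critical data set is matched against change-control approvals, and any update with no approval covering that user, data set, and time window is flagged. The event lines, data set patterns, and approval records are constructed and assumed; real records would first be extracted from SMF with a tool such as the SMF Analysis displays.

```python
"""Flag critical data set updates that lack change-control authorization.

Constructed example: the event format and approval records are assumptions,
not real SMF record layouts or CA Auditor output.
"""
from dataclasses import dataclass
from datetime import datetime
from fnmatch import fnmatchcase

# Constructed extract of data set update events: timestamp, user ID, job, DSN.
UPDATE_EVENTS = """\
2024-03-04T02:15:00 SYSPROG1 SMPAPPLY SYS1.LINKLIB
2024-03-04T09:42:10 TSOUSR7  TSOUSR7  SYS1.PARMLIB
2024-03-04T11:05:33 CONTRCT2 CONTRCT2 SYS1.PROCLIB
2024-03-04T13:20:01 APPDEV3  BUILDJOB PROD.APPL.LOADLIB
"""

# Data sets whose updates must always be covered by an approved change.
CRITICAL_DATASETS = ["SYS1.*", "PROD.*.LOADLIB"]


@dataclass
class Approval:
    """One change-control ticket: who may update which data set, and when."""
    ticket: str
    user: str
    dataset: str
    start: datetime
    end: datetime


# Constructed change-control approvals (assumed, for illustration only).
APPROVALS = [
    Approval("CHG-1001", "SYSPROG1", "SYS1.LINKLIB",
             datetime(2024, 3, 4, 1, 0), datetime(2024, 3, 4, 4, 0)),
    Approval("CHG-1002", "APPDEV3", "PROD.APPL.LOADLIB",
             datetime(2024, 3, 4, 12, 0), datetime(2024, 3, 4, 14, 0)),
]


def is_critical(dsn: str) -> bool:
    """True if the data set name matches any critical pattern."""
    return any(fnmatchcase(dsn, pat) for pat in CRITICAL_DATASETS)


def find_unauthorized_updates(events_text: str, approvals: list) -> list:
    """Return (timestamp, user, job, dsn) for critical updates with no approval."""
    findings = []
    for line in events_text.splitlines():
        ts_text, user, job, dsn = line.split()
        ts = datetime.fromisoformat(ts_text)
        if not is_critical(dsn):
            continue
        covered = any(a.user == user and a.dataset == dsn and a.start <= ts <= a.end
                      for a in approvals)
        if not covered:
            findings.append((ts_text, user, job, dsn))
    return findings


if __name__ == "__main__":
    for finding in find_unauthorized_updates(UPDATE_EVENTS, APPROVALS):
        print("UNAUTHORIZED UPDATE:", *finding)
```

Updates by SYSPROG1 and APPDEV3 fall inside their approved windows; the TSO user's update to SYS1.PARMLIB and the contractor's update to SYS1.PROCLIB are reported for follow-up.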

You can find Trojan horses embedded in the operating system by using the same analysis techniques that you used to find logic bombs and trap doors. However, a Trojan horse designer places his creation where a victim is certain to execute it. In contrast, the creator of a logic bomb or trap door tries to place his work where no one else sees it. Trojan horses are almost always added to, or called from, a popular system module, CLIST, or utility function.

To reduce your risk of a Trojan horse attack, never move load modules directly from test libraries to production libraries. Always insist on reviewing the program source code and recompiling the production programs from the certified source code. You can use the CA Auditor Program Comparison and Program Freezer displays to help perform these reviews. You must thoroughly review programs because the Trojan horse could be included or copied into a program before or during the compilation, assembly, or link‑editing processes.

If you have VTAM, protect your network using VTAM session manager software. Products such as CA TPX and CA Teleview improve network security by controlling access to the network itself. For example, to access CA TPX or CA Teleview, you must supply a user ID and password, which CA ACF2, CA Top Secret, or RACF validates. After you are authorized, CA TPX or CA Teleview presents a menu that lets you sign on to another system, such as CICS, TSO, or VM. This type of protection lets the host access control software, working through the session manager, effectively control access to applications on the remote network.