Denial of service attack against Top Secret command processors.

book

Article ID: 209695

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

Are there any Top Secret control options related to denial of service attacks against the Top Secret command processors?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Currently there is not a TSS control option for denial of service attacks against the TSS command processors.

In order to attack the TSS command processors:
1. Top Secret administrative authority is required to issue TSS commands. Without it, TSS commands cannot be issued.
2. Requires entry to the mainframe and signon as a Top Secret administrator, then issue a TSS command from TSO, CICS, batch jobs, CA Webadmin, CA LDAP, CA Roscoe. All of these requires a user to be signed on within the mainframe.

So only a user with admin authority and ability to logon within the mainframe would be able to issue TSS commands and attempt a denial of service attack against the TSS command processors.

So the hacker would need acquire a Top Secret admininistrator userid and password in order to logon within the mainframe system.

If a hacker attempted to brute force attack a TSS admin's password, they would get suspended after hitting the PTHRESH control option maximum password violation threshold. They would need to use another TSS admin id to continue the brute force attack. If they dont have another TSS admin id, they wont get too far.

Denial of service attacks usually occur from outside the network and not within. Usually the firewall and other network monitoring devices handle denial service attacks and stop them as soon as an denial of service attack is detected.