WORKLOAD AUTOMATION COMMUNITY

An overview of Security & Vulnerability Exposure tests on Workload Automation

5/6/2019

Security tests on Workload Automation cover four fundamental areas: OpenSSL, GSKit, WAS Security and cURL.

OpenSSL (Open Secure Sockets Layer) Overview
OpenSSL is a popular Open Source implementation of the SSL/TLS protocols. The project is managed by a worldwide community of volunteers. The core library, written in the C programming language, implements basic cryptographic functions and provides various utility functions. Wrappers allowing the use of the OpenSSL library in a variety of computer languages are available. Versions are available for most UNIX and UNIX-like operating systems (including Solaris, Linux, macOS, QNX, and the various open-source BSD operating systems), OpenVMS and Microsoft Windows. IBM provides a port for the System i (OS/400).

The SSL and TLS protocols enable two parties to identify and authenticate each other and communicate with confidentiality and data integrity. The TLS protocol evolved from the Netscape SSL 3.0 protocol but TLS and SSL do not interoperate.

The SSL and TLS protocols provide communications security over the internet and allow client/server applications to communicate in a way that is confidential and reliable. The protocols have two layers, a Record Protocol and a Handshake Protocol, which are layered above a transport protocol such as TCP/IP. Both use asymmetric and symmetric cryptography techniques.

An SSL or TLS connection is initiated by an application, which becomes the SSL or TLS client. The application which receives the connection becomes the SSL or TLS server. Every new session begins with a handshake, as defined by the SSL or TLS protocols.
 
OpenSSL on Workload Automation
TEST Overview:
  • Test of OpenSSL functionality using a Master Domain Manager (MDM) and Fault Tolerant Agent (FTA) on all platforms (OpenSSL certificate configuration on MDM and FTA in SSL/TLS)
TEST of:
  • New OpenSSL package released by L3 support for all platforms, tested on MDM and FTA
  • Scheduling: Test JobStream submissions and Job submissions. Test ssmagent agents event rule management for FTA.
  • Migration of a mixed network of an already configured environment in OpenSSL
 
GSKit (Global Security Kit) Overview
Global Security Kit (GSKit) is an optional software package that is required only if Secure Sockets Layer (SSL) Security or Transport Layer Security (TLS) is required. Directory Server alone does not provide the capability for SSL connections from Directory Server clients. You can enable the SSL feature by installing the GSKit package. The GSKit package includes SSL support and associated RSA Security, Inc. technology.
OpenSSL is included in GSKit and may be used for cryptographic operations (as per the OpenSSL license requirements).
The GSKit that is shipped with Workload Automation contains multiple security vulnerabilities including the TLS/SSL client and server vulnerability.
Global Security Kit is a common component that is used by several IBM products for its cryptographic and SSL/TLS capabilities.
 
GSKit on Workload Automation
TEST Overview:
  • Test of GSKit functionality using a Master Domain Manager (MDM) and/or Fault Tolerant Agent (FTA) on all platforms (GSKit certificate configuration on MDM and FTA, full security enabled on WAS SSL/TLS).
TEST of:
  • New GSKit package released by L3 support for all platforms, tested on MDM and FTA
  • Scheduling: Test JobStream submissions and Job submissions. Test ssmagent agents event rule management for FTA.
  • Migration of a mixed network of an already configured environment in GSKit
 
WebSphere Application Server (WAS) Security & Vulnerability Exposure Overview
WAS is a software product that performs the role of a web application server. More specifically, it is a software framework and middleware that hosts Java based web applications.
WAS is built using open standards such as Java EE, XML, and Web Services. It is supported on the following platforms: Windows, AIX, Linux, Solaris, IBM i and z/OS.
It works with several Web servers including Apache HTTP Server, Netscape Enterprise Server, Microsoft Internet Information Services (IIS), IBM HTTP Server for i5/OS, IBM HTTP Server for z/OS, and IBM HTTP Server for AIX/Linux/Microsoft Windows/Solaris.
The WAS team releases Fix Packs, Interim Fixes (IFIX), and Limited Availability Fixes (LA FIX) to fix potential WAS security and vulnerability exposures.
 
WAS Security & Vulnerability Exposure on Workload Automation
TEST Overview:
  • Test of WAS fix functionality on Master Domain Manager (MDM) and/or Dynamic Workload Console (DWC) on all supported platforms
TEST of:
  • New WAS fix package for all platforms and for test on MDM and DWC
  • Wastools test on MDM and DWC
  • Scheduling: JobStream submissions and Job submissions
 
cURL Overview
cURL was originally designed to move files between endpoints using different protocols, such as FTP, HTTP, SCP, and others. It started as a command-line utility but is now also a library with bindings to more than 30 languages. So now, instead of just using cURL from the shell, you can build applications that incorporate this important functionality. The libcurl library is also portable, supporting Linux®, IBM® AIX® operating system, BSD, Solaris, and many other UNIX® variants.

cURL supports HTTPS and performs SSL certificate verification by default when a secure protocol such as HTTPS is specified. When cURL connects to a remote server via HTTPS, it first obtains the remote server certificate and checks its validity against its CA certificate store, to ensure the remote server is the one it claims to be. Some cURL packages are bundled with a CA certificate store file.
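The CA-store check described above can be reproduced offline. This is an added example, not part of the original post: it uses `openssl verify` as a stand-in for the check cURL performs, and every name in it (the two demo CAs, `mdm.example.test`, the file names) is constructed for the illustration.

```shell
#!/bin/sh
# Constructed demo: all keys and certificates are throwaway, generated at run time.

# Build a small PKI in a temp directory and print the directory path:
#   ca.pem    - root CA that the client's store trusts
#   other.pem - unrelated root CA (a store that does NOT contain the issuer)
#   srv.pem   - server certificate issued by ca.pem
make_pki() {
  _d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Trusted CA" \
    -keyout "$_d/ca.key" -out "$_d/ca.pem" >/dev/null 2>&1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo Other CA" \
    -keyout "$_d/other.key" -out "$_d/other.pem" >/dev/null 2>&1
  # Server key and signing request, then a certificate signed by the trusted CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=mdm.example.test" \
    -keyout "$_d/srv.key" -out "$_d/srv.csr" >/dev/null 2>&1
  openssl x509 -req -in "$_d/srv.csr" -CA "$_d/ca.pem" -CAkey "$_d/ca.key" \
    -CAcreateserial -days 1 -out "$_d/srv.pem" >/dev/null 2>&1
  echo "$_d"
}

# check_chain <ca-store-file> <certificate>
# Prints "trusted" if the certificate chains to a CA in the store file,
# "untrusted" otherwise (the case in which a verifying client refuses to connect).
check_chain() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

dir=$(make_pki)
echo "store=ca.pem    -> $(check_chain "$dir/ca.pem" "$dir/srv.pem")"
echo "store=other.pem -> $(check_chain "$dir/other.pem" "$dir/srv.pem")"
rm -rf "$dir"
```

The second result is what a client sees when a new certificate is deployed without its issuing CA being added to the store the client reads.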
 
cURL on Workload Automation
TEST Overview:
  • Test of cURL library functionality using a Master Domain Manager (MDM) and/or Dynamic Agent (LWA) on all platforms
TEST of:
  • New cURL library released by L3 support for all platforms, tested on LWA
  • Scheduling: JobStream submissions and Job submissions
 
If you want to know more about security tests on Workload Automation, contact Simone Grammatico [email protected].

Simone Grammatico
Simone is an IT Specialist and QA Tester at HCL Technologies with 15 years of experience as a consultant to public administration clients and later, since 2012, as a QA business software tester. Today, he is in charge of customer support (L3), FixPacks release, and Security Test of Workload Automation.