
Don't let your mainframe passwords be the weakest link in your enterprise


Thursday, June 20, 2019
11:00AM-12:00PM PDT

Brought to you by:

Carbon Black
Don't let your mainframe passwords be the weakest link in your enterprise, by Chad Rikansrud & David Balcar

Most massive financial institutions rely on the IBM Mainframe platform for their day-to-day business. Without this critical platform, those businesses would cease to function. At the heart of securing any system, no less the venerable IBM mainframe, are the authentication methods used to verify users. We will examine the various password storage options for IBM’s RACF (Resource Access Control Facility) as implemented in z/OS.

Could a breach of your mainframe lead to a breach of the rest of your network? If you synchronize passwords and use one of the legacy algorithms for RACF, the answer may be: yes!

Depending on how your z/OS system is configured, the passwords may be stored using algorithms ranging from what basically amounts to cleartext, all the way up to world-class password encryption. Did you know the mainframe supports long passphrases, Multi-Factor Authentication and can also generate passtickets? If your enterprise uses RACF to secure its mainframe, you should register.

This talk is geared for technical decision makers, mainframe security personnel who want to learn more, or anyone with an interest in how z/OS stores its passwords and passtickets. You will learn how RACF stores its password information, the different types of password storage algorithms (with the weaknesses and strengths of each), and how to implement passtickets properly to avoid compromise.

Guest Presenter:

Chad Rikansrud

Chad Rikansrud is the Director of North American Operations for RSM Partners, a world leader in IBM mainframe security consulting services. Most of Chad's 20-year career has been in technology leadership for the financial services industry.

Sponsor Presenter:

David Balcar

David Balcar, Security Strategist at Carbon Black, has over 18 years' experience in conducting Security Research, Network Penetration testing, Incident Response and Computer Forensics. David is a regular presenter on subjects including security trends, penetration testing, top threats and network security hardening.




