Networking on z/OS
Previous topic | Next topic | Contents | Glossary | Contact z/OS | PDF


Network security

Networking on z/OS

Security entails the reduction of the likelihood of damage, whether intentional or inadvertent. Within a context of z/OS, features such as TLS/SSL, IPSec, and SSH can be used to improve the security of data on the network. Other features such as AT-TLS and SAF-based security can also be used. Intrusion detection services are already active to some degree within the TCP/IP stack. The policy agent is the repository for many security-related configuration values. Due to the complexity of the SNA architecture and its present limited use in the telecommunications portion of the network, security in this context is not as much of a concern as it is in an IP context.

  • About security
    Security is all about how to reduce the impact of either intentional or unintentional damage.
  • TCP/IP security
    The security features relating to TCP/IP on z/OS are extensive. When combined with all the security capabilities of the System Authorization Facility (SAF) interface, the amount of control that can be exercised is phenomenal.
  • TN3270 security
    The TN3270 environment is unique and complex enough to warrant some special attention. As mentioned, the TN3270 server supports TLS. In addition, the TN3270 server makes full use of SAF-based authentication. And, if desired, TLS and SAF can be used together to force a TN3270 client to send a certificate that is associated with a SAF controlled user ID, allowing a product like RACF further control.
  • SNA security
    SNA can be roughly divided into two types of implementation: subarea and APPN. The security considerations are slightly different between them.
Parent topic: Network operations and administration

Go to the previous page   |   Go to the next page

Notices | Terms of use | Support | Contact z/OS



Copyright IBM Corporation 1990, 2010