For more than 40 years, IBM® mainframes have supported an extraordinary portion of the world’s computing work, providing centralized corporate databases and mission-critical enterprise-wide applications. The IBM System z®, the latest generation of the IBM distinguished family of mainframe systems, has come a long way from its IBM System/360 heritage. Likewise, its IBM z/OS® operating system is far superior to its predecessors, providing, among many other capabilities, world-class, state-of-the-art support for the TCP/IP Internet protocol suite.
TCP/IP is a large and evolving collection of communication protocols managed by the Internet Engineering Task Force (IETF), an open, volunteer organization. Because of its openness, the TCP/IP protocol suite has become the foundation for the set of technologies that form the basis of the Internet. The convergence of IBM mainframe capabilities with Internet technology, connectivity, and standards (particularly TCP/IP) is dramatically changing the face of information technology and driving requirements for ever more secure, scalable, and highly available mainframe TCP/IP implementations.
The IBM z/OS Communications Server TCP/IP Implementation series provides understandable, step-by-step guidance about how to enable the most commonly used and important functions of z/OS Communications Server TCP/IP. This IBM Redbooks® publication is for people who install and support z/OS Communications Server. It explains how to set up security for your z/OS networking environment. With the advent of TCP/IP and the Internet, network security requirements have become more stringent and complex. Because many transactions are from unknown users and untrusted networks such as the Internet, careful attention must be given to host and user authentication, data privacy, data origin authentication, and data integrity. Also, because security technologies are complex and can be confusing, we include helpful tutorial information in the appendixes of this book.
For more specific information about z/OS Communications Server base functions, standard applications, and high availability, see the other volumes in the series:
- IBM z/OS V2R1 Communications Server TCP/IP Implementation Volume 1: Base Functions, Connectivity, and Routing, SG24-7996-01
- IBM z/OS V2R1 Communications Server TCP/IP Implementation Volume 2: Standard Applications, SG24-7997-01
- IBM z/OS V2R1 Communications Server TCP/IP Implementation Volume 3: High Availability, Scalability, and Performance, SG24-7998-01
For comprehensive descriptions of the individual parameters for setting up and using the functions described in this book, along with step-by-step checklists and supporting examples, see the following publications:
- z/OS Communications Server: IP Configuration Guide, SC27-3650
- z/OS Communications Server: IP Configuration Reference, SC27-3651
- z/OS Communications Server: IP System Administrator’s Commands, SC27-3661
- z/OS Communications Server: IP User’s Guide and Commands, SC27-3662
This book does not duplicate the information in those publications. Instead, it complements them with practical implementation scenarios that can be useful in your environment. To determine at what level a specific function was introduced, see z/OS Communications Server: New Function Summary, GC27-3664-00. For complete details, we encourage you to review the documents that are listed in the additional resources section at the end of each chapter.
New in this Redbooks publication, Volume 4:
- Improved Auditing of NetAccess Rules - Chapter 2
- QDIO Acceleration Coexistence with IP Filtering - Chapter 7
- Improved FIPS 140 Diagnostics - Chapter 8
- AT-TLS Support for TLS v1.2 and Related Features - Chapter 12
- Limit Defensive Filter Logging - Chapter 14
- IPv6 Support for PBR - Chapter 15
Table of contents
Part 1 SAF-based security
Chapter 1 - RACF demystified
Chapter 2 - Protecting network resources
Part 2 Managing security
Chapter 3 - Certificate management in z/OS
Part 3 Policy-based networking
Chapter 4 - Policy agent
Chapter 5 - Central Policy Server
Chapter 6 - Quality of service
Chapter 7 - IP filtering
Chapter 8 - IP Security
Chapter 9 - Network Security Services for IPSec clients
Chapter 10 - Network Security Services for WebSphere DataPower appliances
Chapter 11 - Network Address Translation traversal support
Chapter 12 - Application Transparent Transport Layer Security
Chapter 13 - Intrusion detection services
Chapter 14 - IP defensive filtering
Chapter 15 - Policy-based routing
Part 4 Application-based security
Chapter 16 - Telnet security
Chapter 17 - Secure File Transfer Protocol
Part 5 Appendixes
Appendix A - Basic cryptography
Appendix B - Telnet security advanced settings
Appendix C - Configuring IPSec between z/OS and Windows
Appendix D - zIIP Assisted IPSec
Appendix E - z/OS Communications Server IPSec RFC currency
Appendix F - Our implementation environment
These pages are Web versions of IBM Redbooks- and Redpapers-in-progress. They are published here for those who need the information now and may contain spelling, layout and grammatical errors.
This material has not been submitted to any formal IBM test and is published AS IS. It has not been the subject of rigorous review. Your feedback is welcomed to improve the usefulness of the material to others.
IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a customer responsibility and depends upon the customer's ability to evaluate and integrate them into the customer's operational environment.