Skip to main content

IBM z/OS V1R11 Communications Server TCP/IP Implementation Volume 4: Security and Policy-Based Networking

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 17 March 2010, updated 26 April 2010

  1. .EPUB (16.5 MB)
  2. .PDF (36.0 MB)

Google Play Books

Share this page:   

ISBN-10: 0738434108
ISBN-13: 9780738434100
IBM Form #: SG24-7801-00

Authors: Bill White, Mike Ebbers, Demerson Cilloti, Gwen Dente, Sandra Elisa Freitag, Hajime Nagao, Carlos Bento Nonato, Matt Nuttall, Frederick James Rathweg, Micky Reichenberg, Andi Wijaya and Maulide Xavier

    menu icon


    Note: This PDF is over 900 pages, so when you open it with Adobe Reader and then do a "Save As", the save process could time out. Instead, right-click on the PDF and select "Save Target As".

    For more than 40 years, IBM® mainframes have supported an extraordinary portion of the world's computing work, providing centralized corporate databases and mission-critical enterprise-wide applications. The IBM System z®, the latest generation of the IBM distinguished family of mainframe systems, has come a long way from its IBM System/360 heritage. Likewise, its IBM z/OS® operating system is far superior to its predecessors, providing, among many other capabilities, world-class, state-of-the-art, support for the TCP/IP Internet protocol suite.

    TCP/IP is a large and evolving collection of communication protocols managed by the Internet Engineering Task Force (IETF), an open, volunteer, organization. Because of its openness, the TCP/IP protocol suite has become the foundation for the set of technologies that form the basis of the Internet. The convergence of IBM mainframe capabilities with Internet technology, connectivity, and standards (particularly TCP/IP) is dramatically changing the face of information technology and driving requirements for ever more secure, scalable, and highly available mainframe TCP/IP implementations.

    The IBM z/OS Communications Server TCP/IP Implementation series provides understandable, step-by-step guidance about how to enable the most commonly used and important functions of z/OS Communications Server TCP/IP. This IBM Redbooks® publication explains how to set up security for your z/OS networking environment. With the advent of TCP/IP and the Internet, network security requirements have become more stringent and complex. Because many transactions come from unknown users and from untrusted networks such as the Internet, careful attention must be given to host and user authentication, data privacy, data origin authentication, and data integrity. Also, because security technologies are complex and can be confusing, we include helpful tutorial information in the appendixes of this book.

    For more specific information about z/OS Communications Server base functions, standard applications, and high availability, refer to the other volumes in the series:

    • "IBM z/OS V1R11 Communications Server TCP/IP Implementation Volume 1: Base Functions, Connectivity, and Routing," SG24-7798
    • "IBM z/OS V1R11 Communications Server TCP/IP Implementation Volume 2: Standard Applications," SG24-7799
    • "IBM z/OS V1R11 Communications Server TCP/IP Implementation Volume 3: High Availability, Scalability, and Performance," SG24-7800

    In addition, "z/OS Communications Server: IP Configuration Guide," SC31-8775, "z/OS Communications Server: IP Configuration Reference," SC31-8776, and "z/OS Communications Server: IP User's Guide and Commands," SC31-8780, contain comprehensive descriptions of the individual parameters for setting up and using the functions that we describe in this book. They also include step-by-step checklists and supporting examples.

    It is not the intent of this book to duplicate the information in those publications, but to complement them with practical implementation scenarios that might be useful in your environment. To determine at what level a specific function was introduced, refer to "z/OS Communications Server: New Function Summary," GC31-8771.

    Table of Contents

    Part 1. SAF-based security

    Chapter 1. RACF demystified

    Chapter 2. Protecting network resources

    Part 2. Managing security

    Chapter 3. Certificate management in z/OS

    Part 3. Policy-based networking

    Chapter 4. Policy agent

    Chapter 5. Central Policy Server

    Chapter 6. Quality of Service

    Chapter 7. IP filtering

    Chapter 8. IP Security

    Chapter 9. Network Security Services for IPSec Clients

    Chapter 10. Network Security Services for WebSphere DataPower appliances

    Chapter 11. Network Address Translation traversal support

    Chapter 12. Application Transparent Transport Layer Security

    Chapter 13. Intrusion detection services

    Chapter 14. IP defensive filtering

    Chapter 15. Policy-based routing

    Part 4. Application-based security

    Chapter 16. Telnet security

    Chapter 17. Secure File Transfer Protocol

    Part 5. Appendixes

    Appendix A. Basic cryptography

    Appendix B. Telnet security advanced settings

    Appendix C. Configuring IPSec between z/OS and Windows

    Appendix D. zIIP Assisted IPSec

    Appendix E. z/OS Communications Server IPSec RFC currency

    Appendix F. Our implementation environment


    Others who read this also read