Book description
This IBM® Redbooks® publication documents the strength and value of the IBM security strategy with IBM z Systems hardware and software (referred to in this book by the previous product name, IBM System z®). In an age of increasing security consciousness and more dangerous and advanced persistent threats, System z provides the capabilities to address today’s business security challenges. This book explores how System z hardware is designed to provide integrity, process isolation, and cryptographic capability to help address security requirements.
We highlight the features of IBM z/OS® and other operating systems that offer a variety of customizable security elements. We also describe z/OS and other operating systems and additional software that use the building blocks of System z hardware to meet business security needs. We explore these from the perspective of an enterprise security architect and how a modern mainframe must fit into an enterprise security architecture.
This book is part of a three-volume series that focuses on guiding principles for optimized mainframe security configuration within a holistic enterprise security architecture. The intended audience includes enterprise security architects, planners, and managers who are interested in exploring how the security design and features of the System z platform, the z/OS operating system, and associated software address current issues, such as data encryption, authentication, authorization, network security, auditing, ease of security administration, and monitoring.
Table of contents
- Front cover
- Notices
- IBM Redbooks promotions
- Preface
- Chapter 1. Mainframe network concepts and functions
- Chapter 2. Cryptography for network security
  - 2.1 Security concepts and architecture for network cryptography on System z
    - 2.1.1 Basics of cryptography for network security
    - 2.1.2 Definition of a secure communication model for networks
    - 2.1.3 Applications of cryptosystems for network security
    - 2.1.4 Overview of the z/OS TCP/IP cryptographic infrastructure
    - 2.1.5 Transport Layer Security on z/OS
    - 2.1.6 AT-TLS
    - 2.1.7 IPSec
    - 2.1.8 OpenSSH on z/OS
    - 2.1.9 PKI services
  - 2.2 Guiding principles for cryptography for network security
    - 2.2.1 Choosing appropriate cryptographic algorithms for network security
    - 2.2.2 Defining a cryptography strategy within your organization
    - 2.2.3 Choosing Transport Layer Security implementations
    - 2.2.4 Things to keep in mind when defining certificates
    - 2.2.5 Guiding principles for IPSec
    - 2.2.6 OpenSSH on z/OS UNIX, z/OS dependant features implementation
- Chapter 3. TCP/IP security
- Chapter 4. SNA security
  - 4.1 Introduction
  - 4.2 SNA encryption versus IP encryption
  - 4.3 Security controls using VTAM start options
  - 4.4 Transport security
  - 4.5 TN3270 Security
  - 4.6 Searching security
    - 4.6.1 Basics of searching
    - 4.6.2 Subarea searches
    - 4.6.3 Searching an APPN network
    - 4.6.4 Controlling searches of other APPN networks
    - 4.6.5 ADJCLUST tables
    - 4.6.6 Controlling searches entering a network
    - 4.6.7 Session Management Exit
    - 4.6.8 Directory Services Management Exit
    - 4.6.9 Searches that are not network-qualified
    - 4.6.10 Authorized Cross-Net searches
  - 4.7 Application security
  - 4.8 Recap of recommendations
- Chapter 5. Shared Memory Communications over RDMA
  - 5.1 Overview
  - 5.2 Security characteristics of SMC-R connections
  - 5.3 z/OS network security features and SMC-R
    - 5.3.1 Interface-based SMC-R enablement
    - 5.3.2 Port-based SMC-R exclusion
    - 5.3.3 SAF-based network access controls
    - 5.3.4 IP filter rules
    - 5.3.5 IPSec
    - 5.3.6 SSL/TLS, including Application Transparent TLS (AT-TLS)
    - 5.3.7 SSH
    - 5.3.8 Application layer security protocols and features
    - 5.3.9 Integrated Intrusion Detection Services (IDS)
    - 5.3.10 Multilevel Security (MLS)
- Related publications
- Back cover
Product information
- Title: Reduce Risk and Improve Security on IBM Mainframes: Volume 2 Mainframe Communication and Networking Security
- Author(s):
- Release date: September 2015
- Publisher(s): IBM Redbooks
- ISBN: 9780738440941