Book description
One of a firm's most valuable resources is its data: client lists, accounting data, employee information, and so on. This critical data has to be securely managed and controlled, and simultaneously made available to those users authorized to see it. The IBM® z/VSE™ system has extensive capabilities to simultaneously share the firm's data among multiple users and protect them. Threats to this data come from a variety of sources. Insider threats, as well as malicious hackers, are not only difficult to detect and prevent—they could have been using resources without the business even being aware that they are there.
This IBM Redbooks® publication was written to assist z/VSE support and security personnel in providing the enterprise with a safe, secure and manageable environment.
This book provides an overview of the security provided by z/VSE and the processes for the implementation and configuration of z/VSE security components, Basic Security Manager (BSM), IBM CICS® security, TCP/IP security, single sign-on using LDAP, and connector security.
Table of contents
- Front cover
- Notices
- Preface
- Summary of changes
- Chapter 1. z/VSE and security
- Chapter 2. z/VSE Basic Security Manager
- Chapter 3. LDAP sign-on support
-
Chapter 4. Cryptography on z/VSE
-
4.1 Cryptography introduction
- 4.1.1 Modern cryptography
- 4.1.2 Cipher block chaining
- 4.1.3 Verifying the identity of communication partners
- 4.1.4 Ensuring data integrity
- 4.1.5 Combining the advantages of these algorithms
- 4.1.6 Using certificates
- 4.1.7 Comparison of key sizes
- 4.1.8 Password-based encryption
- 4.1.9 Public key encryption
-
4.2 Hardware-based encryption with z/VSE
- 4.2.1 Hardware overview
- 4.2.2 Planning your crypto configuration
- 4.2.3 LPAR cryptographic configuration
- 4.2.4 Operator commands
- 4.2.5 Cryptography for guests on z/VM
- 4.2.6 Available algorithms and key lengths
- 4.2.7 Changing the status of hardware-based encryption
- 4.2.8 Updates with z10 BC and EC
- 4.2.9 Updates with z/VSE V4R2
- 4.2.10 Updates with z/VSE V4R3
- 4.3 Hardware-based tape encryption with z/VSE
- 4.4 Example of TS1120 installation
- 4.5 Software-based encryption with Encryption Facility for z/VSE V1R1
-
4.6 Software-based encryption with Encryption Facility for z/VSE V1R2
- 4.6.1 Prerequisites
- 4.6.2 Differences of Encryption Facility between z/VSE V1R1 and V1R2
- 4.6.3 Downloading the prerequisite programs
- 4.6.4 Usage hints
- 4.6.5 Flexible support of record and stream data
- 4.6.6 Considerations on compression
- 4.6.7 Password-based encryption
- 4.6.8 Public key encryption
- 4.6.9 Advanced encryption options
- 4.6.10 Observations
- 4.7 z/VSE Navigator GUI for Encryption Facility
-
4.1 Cryptography introduction
- Chapter 5. Secure Sockets Layer with z/VSE
- Chapter 6. CICS Web Support security
- Chapter 7. Connector security
- Chapter 8. TCP/IP security
- Chapter 9. Secure Telnet
- Chapter 10. Secure FTP
- Chapter 11. WebSphere MQ with SSL
- Appendix A. Security APIs
- Appendix B. Setting up and using Keyman/VSE
- Related publications
- Back cover
Product information
- Title: Security on IBM z/VSE
- Author(s):
- Release date: November 2011
- Publisher(s): IBM Redbooks
- ISBN: 9780738436104
You might also like
book
Security on IBM z/VSE
Abstract One of a firm’s most valuable resources is its data: client lists, accounting data, employee …
book
Geac System21 commerce.connect: Implementation on the IBM eServer iSeries Server
This IBM Redbooks publication introduces the new Geac commerce platform .connect applications -- the call.connect and …
book
IBM CICS Explorer
IBM® Customer Information Control System (CICS®) Explorer is the new face of CICS Integration point for …
book
IBM z/OS V2R2: Unix Systems Services
This IBM® Redbooks® publication familiarizes you with the technical changes that were introduced into the UNIX …