Book description
Abstract
One of a firm’s most valuable resources is its data: client lists, accounting data, employee information, and so on. This critical data must be securely managed and controlled, and simultaneously made available to those users authorized to see it.
The IBM® z/VSE® system features extensive capabilities to simultaneously share the firm’s data among multiple users and protect them. Threats to this data come from various sources. Insider threats and malicious hackers are not only difficult to detect and prevent, they might be using resources with the business being unaware.
This IBM Redbooks® publication was written to assist z/VSE support and security personnel in providing the enterprise with a safe, secure and manageable environment.
This book provides an overview of the security that is provided by z/VSE and the processes for the implementation and configuration of z/VSE security components, Basic Security Manager (BSM), IBM CICS® security, TCP/IP security, single sign-on using LDAP, and connector security.
Table of contents
- Front cover
- Notices
- Preface
- Summary of changes
- Chapter 1. z/VSE and security
- Chapter 2. z/VSE Basic Security Manager
- Chapter 3. LDAP sign-on support
-
Chapter 4. Cryptography on z/VSE
-
4.1 Cryptography introduction
- 4.1.1 Modern cryptography
- 4.1.2 Encryption modes
- 4.1.3 Verifying the identity of communication partners
- 4.1.4 Ensuring data integrity
- 4.1.5 Secure Sockets Layer and Transport Layer Security
- 4.1.6 Use of certificates
- 4.1.7 Comparison of key sizes
- 4.1.8 Password-based encryption
- 4.1.9 Public key encryption
-
4.2 Configuring cryptographic hardware
- 4.2.1 Hardware overview
- 4.2.2 Planning your crypto configuration
- 4.2.3 Configuring LPAR activation profile
- 4.2.4 CPC cryptographic configuration
- 4.2.5 LPAR cryptographic configuration
- 4.2.6 Hardware crypto device driver in z/VSE
- 4.2.7 Disabling a crypto device
- 4.2.8 Cryptography for guests on z/VM
- 4.2.9 Cryptography when using an external security manager
- 4.2.10 Changing the status of hardware-based encryption
- 4.2.11 AP-queue Adapter Interruption Facility
- 4.3 Hardware-based tape encryption with z/VSE
- 4.4 Example of TS1120 installation
- 4.5 Software-based encryption with Encryption Facility for z/VSE V1R1
-
4.6 Software-based encryption with Encryption Facility for z/VSE V1R2
- 4.6.1 Prerequisites
- 4.6.2 Differences in Encryption Facility between z/VSE V1R1 and V1R2
- 4.6.3 Downloading the prerequisite programs
- 4.6.4 Usage hints
- 4.6.5 Flexible support of record and stream data
- 4.6.6 Considerations on compression
- 4.6.7 Password-based encryption
- 4.6.8 Public key encryption
- 4.6.9 Advanced encryption options
- 4.6.10 Observation
- 4.7 z/VSE Navigator GUI for Encryption Facility
-
4.1 Cryptography introduction
- Chapter 5. Secure Sockets Layer with z/VSE
- Chapter 6. CICS Web Support security
- Chapter 7. Connector security
- Chapter 8. TCP/IP security
- Chapter 9. Secure Telnet
- Chapter 10. Secure File Transfer Protocol
- Chapter 11. WebSphere MQ with SSL
- Appendix A. Security APIs
- Appendix B. Setting up and using Keyman/VSE
- Related publications
- Back cover
Product information
- Title: Security on IBM z/VSE
- Author(s):
- Release date: June 2018
- Publisher(s): IBM Redbooks
- ISBN: 9780738456911
You might also like
book
Security on IBM z/VSE
One of a firm's most valuable resources is its data: client lists, accounting data, employee information, …
book
Geac System21 commerce.connect: Implementation on the IBM eServer iSeries Server
This IBM Redbooks publication introduces the new Geac commerce platform .connect applications -- the call.connect and …
book
VMware Implementation with IBM System Storage DS5000
In this IBM® Redbooks® publication, we compiled best practices for planning, designing, implementing, and maintaining IBM …
book
IBM WebSphere V5.0 Security: WebSphere Handbook Series
This IBM Redbook provides IT Architects, IT Specialists, application designers, application developers, application assemblers, application deployers …