How Can I Secure VSE TCP/IP With CA Top Secret for VSE?

Document ID : KB000053149
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

How can I secure access to TCP/IP via CA Top Secret for z/VSE?

How can I disallow the ANONYMOUS logons to connect?

Solution:

  1. Define the TCP/IP Facility to the CA Top Secret TSSPARMs member:
    FACILITY(USERnn=NAME=TCPIP)                                               FACILITY(TCPIP=PGM=IPNET)FACILITY(TCPIP=MULTIUSER)FACILITY(TCPIP=AUTHINIT)FACILITY(TCPIP=RES)  FACILITY(TCPIP=SHRPRF)  FACILITY(TCPIP=NOABEND) FACILITY(TCPIP=SIGN(M))  FACILITY(TCPIP=MODE=FAIL)
  2. Define the TCP/IP user with DUFXTR and DUFUPD permission:
    TSS CRE(TCPIP) NAME('TCP/IP') TYPE(USER) DEPT(DEPT) -                                    PASSWORD(xxxxx,0) FACILITY(STC,TCPIP) MASTFAC(TCPIP) -                   NOVOLCHK NORESCHK NOLCFCHK NODSNCHK NOSUBCHK  TSS ADD(TCPIP) FAC(BATCH)  TSS ADD(TCPIP) DUFXTR    TSS ADD(TCPIP) DUFUPD   
  3. Authorize users accordingly to the TCP/IP Facility:
    TSS ADD(myuser) FAC(TCPIP) 
  4. Update the TCP/IP IPINIT deck for security:
    DEFINE SECURITY,DRIVER=BSSTISX,DATA='ANONYM,ANONYM,'                          (This statement means that the security is activated via BSSTISX and the    ANONYMOUS userid will be ANONYM and password ANONYM on TCP/IP point of view)  
  5. Define the 'ANONYMOUS' userid in CA Top Secret with a password, so it cannot be signed on without the password.
    TSS CREATE(ANONYM) NAME('ANONYMOUS TCPIP')  PASSWORD(anypassword,0) -                                           TYPE(USER) DEPT(DEPT) 
  6. Add a '// ID' statement to the TCP/IP startup JCL:
    // ID USER=TCPIP,PWD=password 

Please see CA Product Information Bulletin (PIB) RI07005 for more information.