For more than 50 years, IBM® mainframes have supported an extraordinary portion of the world's computing work, providing centralized corporate databases, and mission-critical enterprise-wide applications. IBM z® Systems, the latest generation of the IBM distinguished family of mainframe systems, has come a long way from its IBM System/360 heritage. Likewise, its IBM z/OS® operating system is far superior to its predecessors in providing, among many other capabilities, world-class and state-of-the-art support for the TCP/IP Internet protocol suite.

TCP/IP is a large and evolving collection of communication protocols managed by the Internet Engineering Task Force (IETF), an open, volunteer organization. Because of its openness, the TCP/IP protocol suite has become the foundation for the set of technologies that form the basis of the Internet. The convergence of IBM mainframe capabilities with Internet technology, connectivity, and standards (particularly TCP/IP) is dramatically changing the face of information technology and driving requirements for ever more secure, scalable, and highly available mainframe TCP/IP implementations.

The IBM z/OS Communications Server TCP/IP Implementation series provides understandable, step-by-step guidance about how to enable the most commonly used and important functions of z/OS Communications Server TCP/IP.

This IBM Redbooks® publication is for people who install and support z/OS Communications Server. It explains how to set up security for your z/OS networking environment. With the advent of TCP/IP and the Internet, network security requirements have become more stringent and complex. Because many transactions are from unknown users and untrusted networks such as the Internet, careful attention must be given to host and user authentication, data privacy, data origin authentication, and data integrity. Also, because security technologies are complex and can be confusing, we include helpful tutorial information in the appendixes of this book.

For more information about z/OS Communications Server base functions, standard applications, and high availability, see the other following volumes in the series:

• IBM z/OS V2R2 Communications Server TCP/IP Implementation Volume 1: Base Functions, Connectivity, and Routing, SG24-8360

• IBM z/OS V2R2 Communications Server TCP/IP Implementation Volume 2: Standard Applications, SG24-8361

• IBM z/OS V2R2 Communications Server TCP/IP Implementation Volume 3: High Availability, Scalability, and Performance, SG24-8362

This book does not duplicate the information in these publications. Instead, it complements those publications with practical implementation scenarios that might be useful in your environment. For more information about at what level a specific function was introduced, see z/OS Communications Server: New Function Summary, GC31-8771.

Chapter 1. RACF demystified

Chapter 2. Protecting network resources

Chapter 3. Certificate management in z/OS

Chapter 4. Policy agent

Chapter 5. Centralized policy server

Chapter 6. Quality of service

Chapter 7. IP filtering

Chapter 8. IP Security

Chapter 9. Network Security Services for IPSec clients

Chapter 10. Network Security Services for WebSphere DataPower appliances

Chapter 11. Network Address Translation traversal support

Chapter 12. Application Transparent Transport Layer Security

Chapter 13. Intrusion detection services

Chapter 14. IP defensive filtering

Chapter 15. Policy-based routing

Chapter 16. Telnet security

Chapter 17. Secure File Transfer Protocol

Appendix A. Basic cryptography

Appendix B. Telnet security advanced settings

Appendix C. Configuring IPSec between z/OS and Windows

Appendix D. zIIP Assisted IPSec

Appendix E. z/OS Communications Server IPSec RFC currency

Appendix F. Implementation environment