BMS 3270 Intrusion Detection Service
This feature allows CICS® to detect if a 3270 emulator has invalidly modified a protected field generated by a BMS map. You can opt into this capability with a feature toggle, as described in Specifying feature toggles.
Modification of protected fields might compromise the security of an application. This feature works together with the 3270 Intrusion Detection Service provided by IBM® Communications Server. If configured, IBM Communication Server handles protection of all 3270 applications.
When both services are enabled, BMS generated 3270 data will be handled by CICS , and non-BMS 3270 data will be handled by IBM Communications Server. The advantage of enabling both is to ensure full coverage of all 3270 applications, but make use of BMS, to maximize performance and to enhance the information returned about any intrusion.
See 3270 Intrusion Detection Service in z/OS Communications Server: SNA Network Implementation Guide for the configuration and usage of 3270 IDS.
- Feature toggle for enabling this feature
-
com.ibm.cics.bms.ids={true| false }
- Feature toggles for setting configuration options
-
- com.ibm.cics.bms.ids.action={abend|ignore| log }
-
Specifies how
CICS
handles the detection of a protected
field that is overwritten by a 3270 emulator. The values are as
follows:
- abend
- CICS abends transaction ABSX.
- ignore
- CICS does not take any action.
- log
- CICS issues a DFHTF0200 message with the details of the overwrite. This is the default.
This configuration option sets the default that is passed to the URM DFHBMSX. If you want to configure the CICS action in a more granular way, use the URM DFHBMSX for configuration. The URM DFHBMSX overrides this configuration option.
- com.ibm.cics.bms.ids.vtamignore={ true |false}
- Specifies whether CICS informs IBM Communications Server that it is taking responsibility for checking the data when it is sending 3270 data related to a BMS request. This notifies IBM Communications Server's intrusion detection services that it can ignore the request. Use this option only under the guidance of IBM service.