Modifying architected transaction program names
Architecture TPNs are a normal way for communications to function and do not necessarily represent a security exposure. However, architecture TPNs might provide an unexpected entrance into your system. Learn the techniques used to prevent architected transaction program names from running on the system.
Some communications requests send a specific type of signal to your
system. This request is called an architecture transaction program
name (TPN) because the name of the transaction program is part
of the APPC architecture for the system. A request for display station pass-through
is an example of an architecture TPN.
Some TPNs do not pass a profile on the request. If the request becomes associated with a communications entry whose default user is *SYS, the request may be initiated on your system. However, the *SYS profile can run system functions only, not user applications.
If you do not want architecture TPNs to run with a default profile, you can change the default user from *SYS to *NONE in communications entries.
If you do not want a specific TPN to run on your system at all, perform
these steps: