Controlling security violations in DB/DC and DCCTL environments

Security violations are handled according to the installation's security administration guidelines.

IMS records the following security violation attempts on the IMS system log:

• Input message from an unauthorized terminal
• Password omitted when one is required
• Password incorrect for authorization
• Misspelled password
• Rejected signon
• Unauthorized DL/I command (CMD) call from application program

IMS rejects invalid input messages by sending a message to the terminal entering the message and logging the violation. The IMS system log provides an audit trail for investigation of possible security problems. The IMS system log security violation is identified as a X'10' log record type. You can use the File Select and Formatting Print utility to print the log.

You might want to have tighter security so that you are immediately notified about security violations. You can arrange for the master terminal to be immediately notified about security violations by having messages sent to it whenever the violations occur. To have the master terminal notified when violations occur, specify a non-zero value for the SECCNT initialization EXEC parameter.

However, in a large network, misspelled passwords, transaction codes, and commands can cause an extremely large number of violations and violation notifications. You can reduce the number of notifications caused by operator errors, while still providing evidence of real attempts to avoid security safeguards, by specifying a notification threshold. When the number of violations from a single terminal equals the notification threshold value (as specified by the SECCNT value), the master terminal is notified.

Another method for recording security violations is available when RACF® is installed. Each resource access violation creates a RACF type 80 record. You can use the RACF report writer to create reports based on these records.