Data protection in a mainframe network
Networking on z/OS
Data protection includes not only privacy but also integrity. For example, a financial transaction should be kept confidential no matter where it exists on a network. But, just as importantly, there must be controls in place to ensure that the data has not been altered.

A side issue of data protection is non-repudiation: there must be a mechanism in place to ensure that a sender cannot deny having sent a packet (a packet is a string of data characters). Conversely, non-repudiation requires a mechanism such that a receiver cannot deny having received a packet. Again, it is paramount for a financial institution to be able to confirm that a transaction has genuinely been sent by the party we believe sent it, and that it has been received by the party we expect to receive it.

Networking protocols such as TCP have built-in services that guarantee that data sent from an application arrives at its destination in the same sequence as it was transmitted and is error-free. By error-free, we mean that the same bit sequence that was transmitted is delivered to the destination node. The lower two layers in the networking architecture have the responsibility for the bit sequence and the transport layer has the responsibility for the correct sequence.

To implement these network design goals, z/OS® and affiliated products provide these services:
Each of the available tools for securing resources and data can be used independently or together to accomplish security objectives.
Copyright IBM Corporation 1990, 2010