Networking on z/OS
Previous topic | Next topic | Contents | Glossary | Contact z/OS | PDF


More network security options

Networking on z/OS

The use of multiple TCP/IP stacks and socket options can be considered a security issues.

Multiple TCP/IP stacks
Although having separate IP stacks within a single LPAR can be compared to having two separate hosts running TCP/IP, it is not quite as secure. However, if a clear delineation between IP endpoints is required within a single LPAR, multiple TCP/IP stacks provides this capability. By using two stacks instead of two IP addresses within a single stack, there is a greater isolation at the two endpoints.
Socket options
On TCP/IP for z/OS, a SAF resource (EZB.SOCKOPT.*.*SO_BROADCAST) can be activated to prevent applications from activating certain socket options, such as the ability to send broadcast datagrams. This prevents an application from using broadcast datagrams that could flood a network.
Parent topic: TCP/IP on z/OS security features

Go to the previous page   |   Go to the next page

Notices | Terms of use | Support | Contact z/OS



Copyright IBM Corporation 1990, 2010