The use of multiple TCP/IP stacks and socket options can be considered
a security issue.
- Multiple TCP/IP stacks
- Although having separate IP stacks within a single LPAR can be compared
to having two separate hosts running TCP/IP, it is not quite as secure. However,
if a clear delineation between IP endpoints is required within a single LPAR,
multiple TCP/IP stacks provide this capability. Using two stacks instead
of two IP addresses within a single stack gives greater isolation between
the two endpoints.
- Socket options
- On TCP/IP for z/OS, a SAF resource (EZB.SOCKOPT.*.*SO_BROADCAST) can be
activated to prevent applications from enabling certain socket options,
such as the option to send broadcast datagrams. This prevents an application
from using broadcast datagrams that could flood a network.
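
To confirm that the socket option control described above is in effect for a given user ID, the following probe can be run under that ID. It is an added example, not code from the original page or from IBM. It uses only the standard sockets API and sends no datagrams. Treating `EACCES` or `EPERM` as "denied by security policy" is an assumption of the example, and `classify` and `probe_broadcast` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

enum probe_result { PROBE_ALLOWED, PROBE_DENIED, PROBE_ERROR };

/* Map a setsockopt() outcome to a verdict. Reading EACCES/EPERM as
 * "blocked by security policy" is an assumption of this example. */
enum probe_result classify(int rc, int err)
{
    if (rc == 0)
        return PROBE_ALLOWED;
    if (err == EACCES || err == EPERM)
        return PROBE_DENIED;
    return PROBE_ERROR;
}

/* Try to enable SO_BROADCAST on a fresh UDP socket; nothing is sent. */
enum probe_result probe_broadcast(int *err_out)
{
    int on = 1, rc;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);

    if (fd < 0) {                      /* could not even create a socket */
        *err_out = errno;
        return PROBE_ERROR;
    }
    rc = setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &on, sizeof(on));
    *err_out = (rc == 0) ? 0 : errno;  /* save errno before close() */
    close(fd);
    return classify(rc, *err_out);
}

int main(void)
{
    static const char *names[] = { "ALLOWED", "DENIED", "ERROR" };
    int err = 0;
    enum probe_result r = probe_broadcast(&err);

    printf("SO_BROADCAST: %s", names[r]);
    if (err != 0)
        printf(" (errno %d: %s)", err, strerror(err));
    printf("\n");
    return r == PROBE_DENIED ? 0 : 1;  /* exit 0 only when the control blocks it */
}
```

An exit status of 0 means the request was refused, which is the expected result for a user ID that should not be able to send broadcast datagrams.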