TCP/IP resource protection

The Communications Server uses the System Authorization Facility (SAF) to protect TCP/IP resources from unauthorized access. These resources are represented by resource profiles defined in the SERVAUTH class. When describing resource profile names, the following conventions are used:

• sysname is the MVS™ system name. Substitute your system name.
• tcpname is the TCP/IP job name. Substitute your job name.
• ftpdaemonname is the job name of the FTP daemon. Substitute your FTPD job name. If your FTPD job name contains fewer than 8 characters, substitute the job name of the process that is started by FTPD, which is usually the original job name with the number 1 appended.
• rpcbindname is the job name of rpcbind. Substitute your rpcbind job name. If your rpcbind job name contains fewer than 8 characters, substitute the job name of the process that is started by rpcbind, which is usually the original job name with the number 1 appended.

The use of SERVAUTH is optional. The installation can choose to use any combination of the protections provided by SERVAUTH.

In addition to the use of SERVAUTH protection, further resource protection is provided through such functions as intrusion detection services (IDS), syslogd isolation, and IP filtering, or through controlling access to the VARY TCPIP command.