Failure to monitor and regulate the access that is permitted to and by a remote terminal can leave your system open to a serious security breach. When CA Top Secret is used to secure CICS Multiregion Operation (MRO) and Intersystem Communication (ISC) environments, three security levels can be defined:
Used to prevent unauthorized remote regions from accessing your CICS region. With Bind Time security, a check is made when a request to establish a session is received or sent to a remote region.
Used to limit the access of a specified remote region to your resources. Link security is active once the session between regions is bound. When the session is broken, Link security is deactivated.
Used to allow incoming requests to attach to requested transactions. The session must be established. Additional degrees of Attach‑Time security are:
Set if CA Top Secret is not securing the remote region; the default.
Set if CA Top Secret is securing the remote region.
Set if CA Top Secret is securing the destination region (in an ISC environment). Verify does not apply to MRO.
For CICS release 3.2.1 and above:
Set if CA Top Secret is securing the destination region (LU6.2APPC only).
Set if CA Top Secret is securing the destination region (LU6.2APPC only).
When using Bind Time, Link, and Attach‑Time, certain parameters must be set in the Resource Definition Online (RDO) or the Resource Definition Macro (RDM).
If you are using the RDO, for:
If you are using RDM, for:
We recommend that you specify the NODSNCHK, NORESCHK, and NOLCFCHK attributes. If these attributes are not specified for the region control ACID, every resource (OTRAN) or LCF‑protected transaction ID would have to be permitted to the region control ACID used to sign on the receive terminal.
|
Copyright © 2010 CA Technologies.
All rights reserved.
|
|