z/OS Communication Server Intrusion Detection Services
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
SHARE Atlanta 2016,
2016
There are many types of intrusion detection systems being deployed today, and each type has its own set of advantages. The z/OS Communications Server provides an integrated Intrusion Detection Service (IDS) for TCP/IP, as well as a brand new IDS function in VTAM for detecting 3270 protocol-based attacks . With TCP/IP IDS, Communications Server uses its position as a communications endpoint to detect attacks on z/OS that otherwise might go undetected by traditional network-based intrusion detection systems. With VTAM 3270 IDS, Communications Server uses its position as the single common conduit through which all 3270 application traffic passes to detect 3270 data stream anomalies that could be potential attacks against z/OS-based services and applications.
In this session we will describe the Communications Server IDS functions, covering the following for both TCP/IP and the new VTAM 3270 IDS: • The IDS architecture
• The types of attacks detected
• The defensive and notification actions that occur when an intrusion attempt is detected
• IDS configuration
-Chris Meyer-IBM Corporation
Back to Proceedings File Library