This course explains how to set up security for the z/OS networking environment. With the advent of TCP/IP and the Internet, network security requirements have become more stringent and complex.
The Communications Server, along with other elements in z/OS including RACF and Policy Agent (PAGENT), provides IP security functions. These protect data privacy and integrity for z/OS, and protect system resources from unauthorized access.
This is a 'workshop' style course, and attendees will work through extensive hands-on exercises, on their own z/OS system.
This course is also available 'on demand' (minimum 2 students) for additional public presentations or for one-company, on-site presentations.
Attendees will need a sound knowledge of TCP/IP concepts and protocols (this can be gained by attending the RSM course TCP/IP Fundamentals), and TCP/IP in a z/OS environment (this can be gained by attending the RSM course z/OS Communications Server Part 2 - Implementing TCP/IP under z/OS). A good knowledge of UNIX System Services is also needed, which can be gained by attending RSM's course Using RACF under UNIX System Services (USS).
Delegates will learn how to
- explain how z/OS SAF, especially RACF, is used to protect your network and communications
- discuss the RACF Security profiles required to protect access to various network resources
- describe how Digital Certificates can be implemented and used within z/OS and how various clients and servers use the certificates
- explain how Digital Certificates are used in a policy-based z/OS environment
- implement NSS using a daemon and a Client
- explain the rules and policies used in the Policy Agent (PAGENT) to dictate how users, applications and organizations access and use their IT resources
- understand how the PAGENT can be configured as a Central Policy Server
- describe the QoS concepts and how to implement QoS
- permit or deny IP packets into and out of z/OS using IP Filtering
- explain how to implement IP Security
- describe at a high level how the IPSec tunnel traverses a NAT or NAPT device
- explain how to implement the TLS and SSL protocol technology to protect data exchanges between client and server applications
- implement TN3270/Telnet security and FTPS
- implement the SSH daemon and SFTP
- understand IDS
- configure policy based routing tables.
Protecting System Resources
Certificate Management in z/OS
Network Security Services
Central Policy Server
Quality of Service
Network Address Translation Traversal Support
Application Transparent Transport Layer Security
SSH Daemon and SFTP
Intrusion Detection Services
Policy Based Routing