NEWS: A SECURITY BOOST FOR OS/390 COMMUNICATIONS
|
New releases of eNetwork CS/390 can improve security management and TN3270 security
With the new releases of IBM eNetwork Communications Server for OS/390 (CS/390), you can take advantage of a powerful, secure communications infrastructure to handle your strategic e-business initiatives. (CS/390 2.7 is available now and CS/390 2.8 is planned for availability in 3Q 1999.) By providing end-to-end, universal access to your applications and data, CS/390 builds on the proven enterprise-class dependability, scalability, and performance of OS/390.
The new releases of CS/390 provide the advanced functions to help you securely extend the business reach of your S/390 servers to remote offices, customers, suppliers, and business partners anywhere—whether they are connected over TCP/IP, SNA, intranets, extranets or the Internet, or a mixture of these networks. In particular, CS/390 2.8 includes the following security enhancements:
- Internet Key Exchange (IKE)
- SNA Triple DES Session Level Encryption
- TN3270 Secure Sockets Layer (SSL) Client Authentication
Automated Key Management
IKE is an IETF-endorsed key and security associations management protocol for IPSec that CS/390 2.8 uses to automatically create and securely distribute encryption keys. This capability substantially reduces the manual effort and time involved in managing and distributing encryption keys for networks secured by IPSec. The IKE enhancement also supports non-disruptive refresh of keys, making it easier to change keys more often to help protect against a forceful attack on the network.
Advanced Encryption Capability
CS/390 2.8 can help bolster the strength of the network by providing advanced encryption technology. With the inclusion of triple DES—the strongest encryption algorithm available today—SNA users can now leverage this industry-leading standard in order to implement an essentially impenetrable encryption capability.
| CS/390 version 2.7 Highlights |
CS/390 2.7 includes the following enhancements:
- A fast response cache accelerator to provide industry-leading Web serving performance
- Enterprise Extender to streamline the integration of SNA and TCP/IP networks
- Built-in Tivoli management software to simplify network management
- SNMP Version 3 for more secure network management
- OSA Express Gigabit Ethernet™ support to relieve network congestion
- Service Policy Agent to improve the management and delivery of Differentiated Services for TCP/IP networking
- Updated standards to increase support for VPNs
- Expanded benefits for TCP/IP in a parallel Sysplex
- New IP services for eNetwork On-Demand Server
|
|
SSL Client Authentication for Increased TN3270 Security
By adding SSL client authentication to the TN3270E server and by using Security Server’s (RACF’s) certificate registration capability, CS/390 2.8 helps prevent unauthorized access to S/390 SNA applications from TCP/IP clients. Before users can even receive a logon screen from TN3270, they must provide an authenticated certificate that is from a trusted certificate authority and, if required, that is registered with RACF as an authorized user of the TN3270E server. This capability can help protect user IDs—and other important started tasks and subsystems—from being used inappropriately. It can also protect user IDs from being revoked, either accidentally or intentionally, with invalid password attempts.
Be sure to watch for more details about the upcoming CS/390 2.8 enhancements in the near future.
For More Information
Visit http://www.ibm.com/software/commserver/
