Securing an SNA environment for the 21st century
In today's ever expanding business environment, securing an IT Enterprise takes center stage in an overall business strategy. However, over the past 10 years as the IT industry has enhanced security defenses and best practices for IP networks, configuring secure SNA environments has not been pursued with the same zeal for some organizations.
In the past, SNA system programmers were able to rely on a hierarchical architecture, strong physical controls, and a limited amount of access to protect their critical business services. As the IT industry developed larger networks with increased availability, these assumptions no longer held true. Introduction of new technologies enhanced the availability of SNA with more dynamic network recovery. Although the use of faster IP infrastructure has "opened” the SNA networking environment, this loss of physical security can be replaced by a mix of other strong security options that are integrated into the different layers of SNA.
SNA at its core was designed with the ability to wrap different layers of connections with a blanket of security. This paper describes how you establish a session within an SNA environment by connecting to a node, then establishing and maintaining a link connection into the network. You then negotiate a proper session and handle the flows within the session itself. At each level, SNA provides different security controls that can govern the connections and protect different session information.
From network border searching controls, tuning options and the use of encryption ciphers you can harden the walls of your SNA network from the inside out. Even the data transactions themselves are wrapped within several layers of connections that can contain multiple security checks.
SNA has even been enhanced to take advantage of IP networking technology. In order to protect the transactions that flow over an IP network you can deploy a mix of SNA and IP security. Using these controls, you can authenticate the traffic flow and protect the data from prying eyes using advanced key management and cipher algorithms.
This paper will educate the SNA-skilled reader on network security concepts and includes recommendations for evaluating and configuring their APPN and subarea SNA environment to enhance security.