Question & Answer
Question
You need to consider the security risks of coding DYNADJCP=YES as a VTAM start option.
Answer
By coding the VTAM start option DYNADJCP=YES, you allow connections to any CP, even untrusted ones. You need to secure your systems from allowing any non-predefined nodes from connecting to your system.
By specifying DYNADJCP=NO and overriding its value on specific link stations, you can limit connections to a specific set of CPs over some link stations, and allow connections to any CP over other link stations.
The default for the DYNADJCP start option is DYNADJCP=YES.
Take the following actions:
- Code DYNADJCP=NO as a start option.
- Override the start option with DYNADJCP=YES on those link stations (for example, Switched major node PUs) where you are sure of the identity of the nodes that are native to VTAM.
- Code an ADJCP major node for any remaining valid partners.
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg21680401