Planning for Security
While every installation may have a unique set of reasons to secure data system resources, the basic reason is to prevent unauthorized personnel or programs from accessing, modifying, copying, or destroying valuable data or from damaging the system itself.
Table 1 lists some of the common benefits that you can obtain for your installation by activating security facilities for system resources:
| Resource | Benefits |
|---|---|
| System data sets | Prevents unauthorized users or jobs from accessing, modifying, copying, or destroying valuable system data. |
| SYSIN and SYSOUT data sets | Prevents unauthorized users or jobs from reading, copying, printing, or destroying job data. |
Job entry
|
Prevents unauthorized users from entering jobs into the system with specific job names and specific job classes, or entering jobs from specific ports of entry. |
| Console access | Prevents unauthorized operators from gaining access to MCS or RJP consoles. |
| Job output (writers) | Prevents unauthorized users from sending output to specific devices or remote locations. |
| Commands | Prevents unauthorized operators from entering commands from operator consoles. |
In addition to controlling access to resources, JES3, in conjunction with (system management facilities) SMF, provides the ability to audit specific actions on resources.
You and your JES system programmer should develop a security plan
for JES. Together, you should determine which resources you want to
protect and decide who should have access to those resources. Your
security plan should address questions such as:
- What resources must I protect?
- Should I restrict jobs and users from certain information depending on criteria such as security labels?
- Should I limit the job names users can submit or cancel?
- Is it important to protect SYSIN and SYSOUT?
- Which remote workstations should access my system?
- Can other nodes submit jobs to my system?
- To which nodes should I allow my system to send data?
- Should I limit the commands an operator can use?
- Do I want to restrict the consoles an operator can use to enter certain commands?
- What commands will I allow jobs, workstations, and nodes to submit to my system?
- Do I want only selected output devices to process particular output?
- Should the security label of the output appear on the header pages?
If JES3 is installed on your system, the JES system programmer
will be using the following documents: