advertise your website Login Registration
Submission Guidelines Recent Approved Articles Featured Articles
Submit Free Article
Home About Us Advertising GuideLines Do's & Don't T & C FAQ Contact us
  Home Computers & Technology Articles Software Articles
HostJinni Promotions
Articles Category
Arts & Entertainment
Computers & Technology
Food & Drink
Health & Fitness
Home & Family
Home Based Business
Home Improvement
Just for Women
Kids & Teens
News & Society
Online Business
Online Tickets
Real Estate
Reference and Education
Self Improvement
Sports & Recreation
Travel & Tourism
  Member Area
Author Login
Free Registration
Authors From Country
  Helpful Topics
How to Write Articles
Free Early Approval Tips
Why Article Submission
  Best of Webzine
Leader Board
Most Viewed Articles
Top Rated Articles
  WebZine Status
Total Articles -24950
Registered Authors - 4400
Featured Articles - 340
Articles added this
month - 114

Securing Mainframe FTP

File Transfer Protocol (FTP), built on client-server architecture, is a standard method for transferring files between hosts over a TCP-based network on different platforms as Unix, Z/OS, AS/400, Windows etc.

Mainframe FTP features
•z/OS FTP uses get and put commands for downloading and uploading files.
•In a Sysplex to share the system\'s workload, FTP can be simultaneously extended to multiple CPUs.
•Mainframe FTP can transfer both MVS datasets and Unix files.

Risks associated with mainframe and FTP
•Exposure of sensitive data like user ID and password, which might lead to unwanted access to the business critical information
•No control over the data after it\'s transmitted
•Access to the sensitive data in job output or printouts
•Access to USS files as well as MVS datasets
•Accessing Mainframe DB2 data
•For the execution of programs submission of batch jobs

Available FTP security tools to address the risks
•Control file options for FTP and TCP/IP
•Security software rules like System Authorization Facility (SAF)
•Exits for modifying the FTP logic
•Policy agent software like firewall

Functionalities of the tools
•Controls the data access based on both mainframe server IP address and client computer IP address
•Controls the data access based on port number. Each TCP program at an IP address is assigned with a separate port number. In general, ports 20 and 21 are used for FTP. Based on the port number in any message TCP decides to which program on that computer the received message should be sent. These ports are called Ephemeral Ports and the programs are called daemons. The daemon for FTP is named FTPD.
•Uses System Authorization Facility (SAF) to invoke security software in mainframe. SAF helps to verify user identity and in turn file and resource access.
•Controls Unix and MVS files access
•Modifies FTP logic through Exit programs by adding additional security checks
•Encrypts user ID, password and critical information

FTP security tools in detail
•Control file options for TCP/IP and FTP
•IPSEC for IPSEC secure tunnel creation
•PORT and PORTRANGE for controlling access to specific ports
•NETACCESS for controlling access to specific IP addresses in a network
•TCPCONFIG for blocking particular ports to prevent unauthorized FTP programs
•DB2 and DB2PLAN to specify the DB2 subsystem and plan
•ANONYMOUS to control anonymous logins
•CIPHERSUITE to specify encryption algorithm
•KEYRING to specify the keyring for digital certificates
•JES2INTERFACELEVEL for submitting batch jobs and accessing the print outputs

•Security Software Rules
TCP/IP and FTP call the security software through SAF. The security software rules are defined into the resource classes such as APPL, TERMINAL and SERVAUTH. Resource Descriptor Table (RDT) contains the class names and different options.

•APPL controls login to FTP daemon
•TERMINAL, used with IPV4, controls login from any specified IP address
•SERVAUTH controls access to Unix file system, specified IP addresses, ports and the network

•FTCHKIP controls a new connection
•FTCHKCMD controls the processing of an FTP command
•FTCHKJES controls the submission of a batch job
•FTCHKPWD controls the new passwords
•FTPOSTPR controls the completion of certain commands

The Mainframe supported encryption protocols are Secure Sockets Layer (SSL), Transport Layer Security (TLS), IPSEC and Kerberos. All these protocols are used to encrypt data as well as passwords. They protect the files to be transmitted, against sniffer programs. SSL and TLS are used to create and manage digital certificates and encryption keys.

•Policy Agent
Policy Agent is a mainframe software used to filter messages and for Intrusion detection services. For the filtration of messages IP address, port number and content play an important role.
Like this article..? Rate it here:  Votes | Average: 1 out of 5  Votes | Average: 2 out of 5  Votes | Average: 3 out of 5  Votes | Average: 4 out of 5  Votes | Average: 5 out of 5     0 votes, average: out of 5    
About Author
Articles Stats
  Published Date - June 14 2013
  Total Views - 7
  Total Votes - 0
  Average Rating - 0
  Comments - 0
  Mr. Nate Rodnay
Since 1982, Software Diversified Services (SDSUSA) is providing first-quality software and technical support for IBM mainframes and VM, VSE, and mainframe secure file transfer (SSH SFTP). SDSUSA ssh sftp secures ftp transactions on the mainframe network. At you can find product trials and webcasts of other mainframe software tools from SDS.
Particular Article
Author Article
  • Securing Mainframe FTP
  • [2013-06-14 ]
    File Transfer Protocol (FTP), built on client-server architecture, is a standard method for transferring files between hosts over a TCP-based network on different platforms as Unix, Z/OS, AS/400. Read More...
  • Common Features of an Effective Property and Casualty Insurance Software System
  • [2013-06-11 ]
    Today\'s Property & Casualty (P&C) insurance software systems utilizing modern technological platforms have gained popularity in the insurance industry. Read More...
  • MSG To PST Converter – Worthy Assistance To Shift MSG Emails To PST
  • [2013-06-11 ]
    Due to some reasons, MSG to PST transition becomes the need of MSG users and to fulfill this requirement MSG to PST Converter can help intelligently. Read More...
  • What is OSA Express?
  • [2013-06-11 ]
    OSA Express is a family of adapters, which provides direct mainframe-to-network attachment. Read More...
  • Convert MSG To PST To Obtain All The Outlook Benefits
  • [2013-06-11 ]
    This article contains information about MSG file and PST file, reasons for convert MSG to PST and source via which conversion can be done. MSG to PST converter can be utilized for this need. Read More...
  • MSG To EML Converter Helping You In Smooth Data Migration
  • [2013-06-11 ]
    Due to corruption in Outlook or due to any other reason, if you wanted to move MSG files in EML, you can make use of MSG to EML converter application. Read More...
  • Mainframe Encryption
  • [2013-06-11 ]
    Increasing security threats leave the unprotected critical data within a mainframe environment vulnerable to security breaches. Read More...
  • Using Great Accounting Software to Create Quick and Accurate Finance Reports
  • [2013-05-17 ]
    OK, so it’s the end of the month, and your MD, CEO, Marketing Director, Sales Director and Finance Director are all after one thing – the finance report. Now if they all wanted the same report, with t Read More...
  • Having a Mobile Technology Strategy Matters
  • [2013-05-17 ]
    Did you know that (according to a recent survey) only 50% of businesses have the infrastructure in place to enable remote working of any kind? Read More...
  • Overview of Latest Features for IBM Ported Tools
  • [2013-05-17 ]
    IBM Ported Tools for z/OS is a program product to deliver applications and tools for z/OS platform and it is supported on z/OS 1.10 and above. Read More...
  • Mobile App development checklist to create new and noteworthy mobile apps
  • [2013-05-13 ]
    5 points to consider before you start the actual Mobile app development. Read More...
  • Mainframe SFTP – Overcome Inherent FTP Shortcomings
  • [2013-05-13 ]
    Interactive computing using the Time Sharing Option (TSO), Batch processing using the Job Entry System (JES) and controlling programs written in Job Control Language (JCL) and UNIX System Services. Read More...
  • Outlook 2010 Recovery Software Handling Recovery Outlook Project
  • [2013-05-04 ]
    The article unfolds many truths lead to causing serious damage to PST file in Outlook 2010. For the entire recovery of Outlook 2010, you can use Outlook 2010 recovery software. Read More...
  • Paperless, Online and Cloud Accounting – It’ll Do More than Reduce Your Carbon Footprint
  • [2013-05-04 ]
    Although paperless, online-based accounting will almost certainly shrink your carbon footprint, there are also other ways it can dramatically improve processes, save time and increase profits. Read More...
  • Microsoft PST Recovery Tool – Know What Gives Rise To Its Need
  • [2013-05-04 ]
    This segment lets you get familiar with one of the strongest and by far, amongst the severest causes of PST corruption that compels the need of Microsoft PST recovery software like Outlook Recovery. Read More...
      Submit Articles - Free Articles - Online Articles Submission  
      WebZine Articles ( is a registered trademark. All Rights Reserved. 2012