1.800.443.6183         001.763.571.9000

> click for Product Trials         > click for Product Webcasts

Home » Net-Examine™: Enterprise Extender & SNA Security » Enterprise Extender & SNA Security White Paper

• HOME
• ABOUT US
  • Company Overview
  • Affiliations
  • Clients
  • Distributors
  • Acquisitions
  • Careers
  • Site Map
  • Privacy
• PRODUCTS
  • All Products
  • VitalSigns Detective
  • VitalSigns for FTP (was SFM)
  • VitalSigns for IP
  • VitalSigns for NAC
  • VitalSigns for VTAM
  • Tectia™
  • PGP® Command Line
  • ConicIT
  • TurboTune
  • Net'Q & Net-Examine
  • SMART TS XL
  • Current Product Versions
• SUPPORT
  • Product Keys
  • Distributors
  • Tech. Support Request
  • Current Product Versions
  • SDS Manuals
  • Product Suggestions
  • Browser Configuration Help
• RESOURCES
  • Product Trials
  • Product Webcasts
  • FAQ
  • Product Demos
  • Brochures
  • Press Releases
  • Videos / Slide Shows
  • Whitepapers
  • Customer Case Studies
• KNOWLEDGE BASE
  • Vital Times
  • Dictionary of the Mainframe
  • Industry Publications
  • Response Time Illustrated
  • TCP Connection Life Cycle
  • About Java
  • About Web Browsers
  • About Javascript
  • About Cookies
  • About PDF
  • About D. S. Time
• EVENTS
• CONTACT US

Enterprise Extender & SNA Security White Paper

EE and SNA Mainframe Security

by Anura Gurugé, July 2009

SNA isn't Hacked for Sport; It's Infiltrated for Money, Power, and Intelligence

APPN/EE Mainframe Firewall & VTAM Definition Scrubbing from SDS

SNA applications used to be secure, but not anymore. That IBM's z/Center of Excellence, in 2008, would publish a 47-page manual titled Securing an SNA Environment for the 21st Century should have been a HUGE red flag.

An ultra-secure, fully encrypted IP network, with state-of-the-art firewalls and "clean" workstations running the best anti-threat technology, does not mean that your mainframe SNA/APPN applications are safe.

SNA threats come not from bored teenagers hacking for thrills, but from seasoned professionals expertly infiltrating SNA applications for financial, political, or espionage gain.

Firewalls with IP-orientation are not equipped to deal with SNA-specific threats designed to interact with VTAM on a peer-to-peer basis.

Compromise of SNA applications get close to zero publicity for four primary reasons:

• Enterprises do not want to tell the world that their mission-critical applications and databases were breached.
• No watchdog organizations monitor SNA vulnerabilities, in contrast to the groups and individuals who track threats to workstation software.
• The people infiltrating SNA applications have no desire to publicize their exploits.
• Given the expert stealth involved, threats go undetected, even by z/OS IDS. Many enterprises never realize that they have been and continue to be compromised.

For dealing with this challenge, IBM strongly recommends as many layers of policy-based security as possible.

The APPN/EE Firewall and VTAM definition scrubbing product available from SDS is indeed a policy-based solution--designed to analyze and verify the validity of all SNA/APPN log-on sequences via the application of sophisticated, context-sensitive APPN/EE-specific policies.

continued...(click here, *.pdf, 500 Kb)

SDS fully respects your privacy. We share your visit with no-one.

• Net Examine Trial
• Net'Q Capabilities, Cases
• Free Download
• Security Seminar
• Net-Examine
• White Paper
• APPN-EE Firewall