Operating Systems

How to Evaluate SNA Security

We’ll show you how to evaluate SNA security in three steps:

• On a single mainframe (MVS image)

• On several computers connected as part of one network

• On computers on a series of connected networks.

Our approach is to identify all the MVS images, all the networks, and then all the cross-network connections. Next, we’ll evaluate all related risks and the tools available to provide security.

On the mainframe, all SNA options and objects are defined to the VTAM software in a data set called SYS1.VTAMLST. Within a given MVS image, VTAM only permits connections between LUs that are defined in SYS1.VTAMLST. The VTAM systems programmer is usually the only one who updates this control file.

Step 1: On each MVS image, you can learn the name of SYS1.VTAMLST by examining the Job Control Language (JCL) for the VTAM started task, which is often named NET. That JCL contains a Data Definition (DD) card with the DDNAME of VTAMLST, which tells you the dsname used in your installation for SYS1.VTAMLST. This partitioned data set will have:

• Start-up members (named ATCSTRxx)
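Step 1 can be scripted against a copy of the started-task JCL. The Python below is an added example, not code from the original article: it returns every data set allocated to the VTAMLST DD, including concatenated ones, and picks the ATCSTRxx members out of a member list. The sample JCL, the data set name EXAMPLE.LOCAL.VTAMLST and the member names are constructed for illustration.

```python
import re

# Constructed sample of a VTAM started-task procedure (not from a real system).
SAMPLE_JCL = """\
//NET      PROC
//VTAM     EXEC PGM=ISTINM01,REGION=0M
//* network definitions
//VTAMLIB  DD  DSN=SYS1.VTAMLIB,DISP=SHR
//VTAMLST  DD  DSN=EXAMPLE.LOCAL.VTAMLST,
//             DISP=SHR
//         DD  DSNAME=SYS1.VTAMLST,DISP=SHR
//SYSPRINT DD  SYSOUT=*
"""
# Constructed member list, as a directory listing of the data set might show.
SAMPLE_MEMBERS = ["APPLTSO", "ATCCON00", "ATCSTR00", "ATCSTR1A", "ATCSTRT"]

DSN_RE = re.compile(r"\bDSN(?:AME)?=([A-Z0-9#@$.]+)")

def vtamlst_datasets(jcl, ddname="VTAMLST"):
    """Return the data sets allocated to ddname, in concatenation order."""
    found, in_dd, continued = [], False, False
    for raw in jcl.splitlines():
        line = raw[:71].rstrip()              # columns 72-80 hold no operands
        if not line.startswith("//") or line.startswith("//*"):
            continue                          # comment or in-stream data
        if continued:                         # rest of the previous statement
            operands = line[2:].lstrip()
        else:
            m = re.match(r"//(\S*)\s+(\S+)\s*(.*)", line)
            if not m:
                continue
            name, op, operands = m.groups()
            if op != "DD":
                in_dd = False
            elif name:                        # blank name = concatenated DD
                in_dd = (name == ddname)
        operands = operands.split(" ", 1)[0]  # text after a blank is a comment
        continued = operands.endswith(",")
        if in_dd:
            found += DSN_RE.findall(operands)
    return found

def startup_members(members):
    """Pick the start-up members (ATCSTR plus a two-character suffix)."""
    return [m for m in members if re.fullmatch(r"ATCSTR[A-Z0-9#@$]{2}", m)]

if __name__ == "__main__":
    print(vtamlst_datasets(SAMPLE_JCL))
    print(startup_members(SAMPLE_MEMBERS))
```

Each data set the function returns belongs in the review of who can update the VTAM definitions, not only the first one on the DD card.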
