IBM Support

What are the security implications of DYNADJCP=YES?

Question & Answer


Question

What are the security implications of DYNADJCP=YES?

Answer

By coding the VTAM start option DYNADJCP=YES, you allow connections to any CP, even untrusted ones. You need to secure your systems from allowing any non-predefined nodes from connecting to your system.

By specifying DYNADJCP=NO and overriding its value on specific link stations, you can limit connections to a specific set of CPs over some link stations, and allow connections to any CP over other link stations.

The default for the DYNADJCP start option is DYNADJCP=YES.

Take the following actions:

  1. Code DYNADJCP=NO as a start option.

  2. Override the start option with DYNADJCP=YES on those link stations (for example, Switched major node PUs) where you are sure of the identity of the nodes that are native to VTAM.

  3. Code an ADJCP major node for any remaining valid partners.

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Document Information

Modified date:
15 April 2015

UID

dwa1185678