How can I control inclusion of sensitive information in FTP server replies?

Question & Answer

Question

In some scenarios, it is considered a security issue to include IP addresses, port numbers, host names, and so on, in responses from FTP servers. How can I prevent this type of information from being included in responses from FTP servers?

Answer

Specify REPLYSECURITYLEVEL 1 in FTP.DATA to suppress sensitive information in FTP server replies.

The meanings of the allowed REPLYSECURITYLEVEL settings are explained below:

FTP.DATA: REPLYSECURITYLEVEL 0 / 1

0: Default. No restrictions on information included in server replies

1: No IP addresses, hostnames, port numbers, or operating system level information included in replies from the server

To illustrate, when REPLYSECURITYLEVEL 0 is specified or defaulted, operating system level information is displayed. But when REPLYSECURITY LEVEL 1 is specified, operating system level information is suppressed.

This feature affects the output of the STAT subcommand when issued from the FTP client to retrieve information on the z/OS Communications Server.

Suppressing sensitive information such as IP addresses from client replies increases the security of your site. However, such information can be useful for debugging. Activate the server trace to capture this information as an alternative to getting the information from server replies. See the IP Diagnosis Guide for information about using server traces to diagnose problems.

Rate this page:

[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Platform":[{"code":"PF035","label":"z\/OS"}],"Component":"","Version":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]

Product Synonym

ZOSCS COMMSERVER

Was this topic helpful?

Document Information

Modified date:
01 July 2015

UID

dwa1199832

Tips