
Secure Transfers on z/OS FTP with Data Encryption

By Author: Nate Rodney

In a standard FTP session, all data, including login credentials, is transferred in plain text. Anyone who can observe the network path can capture sensitive data from an FTP transmission, resulting in great loss for a business. Mainframes contain business-critical information, so unprotected FTP use on the mainframe can be fatal for an organization.

File transfer technologies on z/OS
To avoid the security issues caused by using FTP, the protocol has been extended a number of times with different security protocols and technologies. These provide authentication mechanisms to identify both ends of a connection, message integrity to ensure messages don't change in transit, confidentiality protection to prevent eavesdropping, and non-repudiation to provide undeniable proof that a message was sent and received, and by whom. They help to mitigate identity theft, theft of service, and eavesdropping, and they ensure accountability. Most security technologies provide similar functions; they differ chiefly in the layer of the IP stack at which they operate.

On the z/OS platform, the most common technologies for secure file transfer are IPSec, SSH, and SSL/TLS.

Understanding SSL/TLS
FTP over SSL/TLS, better known as FTPS, is an extension that adds security to regular FTP by adding SSL (Secure Sockets Layer) and TLS (Transport Layer Security) cryptographic protocols. SSL is the original version of the technology. TLS is its successor. SSL/TLS is commonly used to protect HTTP sessions (the HTTPS protocol) as well as FTP sessions (FTPS).

SSL and TLS are widely recognized protocols that allow mutual authentication by establishing an authenticated and encrypted communication channel between the client and the server. Strong authentication, privacy, message integrity, algorithm flexibility, and ease of deployment and use are a few of the benefits of using SSL/TLS over other methods. On z/OS, SSL/TLS can be used by configuring AT-TLS (application-transparent TLS), which implements SSL/TLS security at the TCP transport layer rather than in individual applications.
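
The following is an added example, not part of the original article: a Python audit of an FTP control-channel trace (as a server-side log would record it) that reports whether USER/PASS were sent before an explicit FTPS upgrade (AUTH TLS answered with 234) and whether a transfer started without PROT P on the data channel. The two traces, the user ID, the data set name, and the function name are constructed for illustration.

```python
import re

# Constructed traces: "C:" is a client command, "S:" a server reply.
PLAIN_SESSION = """\
C: USER PAYROLL1
S: 331 Send password please
C: PASS s3cret
S: 230 PAYROLL1 is logged on
C: RETR 'PAYROLL.DATA'
"""
FTPS_SESSION = """\
C: AUTH TLS
S: 234 Security environment established
C: USER PAYROLL1
S: 331 Send password please
C: PASS s3cret
S: 230 PAYROLL1 is logged on
C: PBSZ 0
S: 200 Protection buffer size accepted
C: PROT P
S: 200 Data connection protection set to private
C: RETR 'PAYROLL.DATA'
"""
TRANSFER_CMDS = {"RETR", "STOR", "APPE", "LIST", "NLST"}

def audit_ftp_session(trace):
    """Return findings for one control-channel trace (hypothetical helper)."""
    findings = []
    tls_active = data_private = False
    pending = None  # last client command still waiting for its reply
    for line in trace.splitlines():
        m = re.match(r"([CS]):\s*(\S+)\s*(.*)", line)
        if not m:
            continue
        side, word, rest = m.groups()
        if side == "C":
            pending = (word.upper(), rest.strip().upper())
            if pending[0] in ("USER", "PASS") and not tls_active:
                findings.append(f"{pending[0]} sent in cleartext")
            if pending[0] in TRANSFER_CMDS and not data_private:
                findings.append(f"{pending[0]} data channel unprotected")
        elif pending:
            cmd, arg = pending
            if cmd == "AUTH" and arg in ("TLS", "SSL") and word == "234":
                tls_active = True   # control channel now under TLS
            if cmd == "PROT" and word == "200":
                data_private = tls_active and arg == "P"
            pending = None
    return findings
```

Calling audit_ftp_session(PLAIN_SESSION) returns three findings (USER, PASS, and the RETR data channel), while audit_ftp_session(FTPS_SESSION) returns an empty list.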

Cryptographic encryption
In cryptographic encryption, mathematical algorithms are used to transform data. The encrypted data is unreadable without the help of a secret key. The longer the key, the stronger the security. The chief limitation of cryptographic encryption is that it is CPU-intensive. It increases processor loads and thus affects system performance.

There are two types of encryption keys: symmetric and asymmetric.

Symmetric keys
Also known as conventional cryptography or secret-key encryption, this strategy requires both the client and the server to share a common key, which is used to encrypt and decrypt a message. This type of encryption is fast and is often used for bulk encryption/decryption. The major disadvantage lies with the task of securely exchanging the key.

Asymmetric keys
Also known as public-key cryptography, this method requires two different keys: the public key is for encryption; the private key is for decryption. You can send me your public key. I can then encrypt a message and send it to you, and only you can read it, because only you have the private key. Data encrypted with the public key can only be decrypted with the private key. There is no way to derive one key from the other. Drawbacks of this method, however, are expensive computing processes, slower speed, and poor performance for bulk encryption.

Digital signatures
A digital signature holds a message digest (a value mathematically derived from the message data) encrypted with the sender's private key. Anyone can decrypt the signature with the public key, though only the signer can encrypt it. Anyone can also generate a new message digest and compare it to the one in the signature. If the two digests match, the message has not been tampered with. Thus a digital signature confirms that the authorized person sent precisely this message; no one else has modified the text or tampered with the signature. This way, digital signatures ensure the integrity of the message and provide non-repudiation.

Since 1982, Software Diversified Services (SDS) has been providing first-quality software and technical support for IBM mainframes and VM, VSE, mainframe FTP, and z/OS systems. The VitalSigns for FTP (VFTP) product from SDS provides monitoring, reporting, and security controls for file transfers by z/OS FTP, IBM Ported Tools OpenSSH, and enables Tectia SFTP.
