Protect TI from Unauthorized Mainframe or IBM i Access
To prevent an attacker from using the mainframe or IBM i connection to access the server running Transaction Integrator, you should:
Utilize direct network connections over private segment.
Use IPsec, where supported, for IP communications between the host and Windows servers.
For SNA LU6.2 network connections to mainframe or IBM i computers, use Host Integration Server server-to-server data encryption when deploying upstream Host Integration Server computer as SNA gateway to downstream TI HIP computer.
For SNA LU6.2 network connections to mainframe, use Host Integration Server IP-DLC Link Service in conjunction with IPsec.
See Also
Transaction Integrator Threat Mitigation
Introduction to the IP-DLC Link Service
Secure Deployment of the IP-DLC Link Service