Signon Validation Encrypted In CA Top Secret?

Article ID: 53033

Products

CA Cleanup CA Datacom CA DATACOM - AD CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Question:

SSL is used to connect to the Mainframe. When a user connects from Mainframe TN3270 or FTP and enters their ID and password, how and where is this information validated? Is the information that is stored in the CA Top Secret security file encrypted?

Answer:

The userid and password are validated by CA Top Secret. For example, a user connects to the mainframe using an SSL connection with FTP/SSL. Digital certificates are exchanged and verified. If OK, the connection is established.

Then the userid/password is entered from TELNET/FTP to sign on. This signon is processed and validated by CA Top Secret. Data such as the userid/password on the security file is encrypted. When running jobs or reports, a reference to a password is replaced by question marks, for example when the utility that lists changes to the security file is run. The password is also encrypted when CPF'd to other systems.

The security file is protected by default. To make changes to the security file, the person must be defined as a CA Top Secret security administrator. The data on the CA Top Secret security file is encrypted.

CA Top Secret has many security record types on the security file which are encrypted. For someone to get a password from the security file, that person would have to know how to:

  1. Decrypt the security file, which requires your encryption key and knowledge of how to decrypt the encryption method we use.
  2. Then find the appropriate security file record.
  3. And then find the field in the record that contains the variable length password.

Environment

Release: TOPSEC00200-15-Top Secret-Security