How can you secure access to TCP/IP via Top Secret for z/VSE?

How can you disallow the ANONYMOUS logons to connect?

1. Define the TCP/IP Facility to the Top Secret TSSPARMs member:
   

   FACILITY(USERnn=NAME=TCPIP)                                               FACILITY(TCPIP=PGM=IPNET)FACILITY(TCPIP=MULTIUSER)FACILITY(TCPIP=AUTHINIT)FACILITY(TCPIP=RES)  FACILITY(TCPIP=SHRPRF)  FACILITY(TCPIP=NOABEND) FACILITY(TCPIP=SIGN(M))  FACILITY(TCPIP=MODE=FAIL)

2. Define the TCP/IP user with DUFXTR and DUFUPD permission:
   

   TSS CRE(TCPIP) NAME('TCP/IP') TYPE(USER) DEPT(DEPT) -                                    PASSWORD(xxxxx,0) FACILITY(STC,TCPIP) MASTFAC(TCPIP) -                   NOVOLCHK NORESCHK NOLCFCHK NODSNCHK NOSUBCHK  TSS ADD(TCPIP) FAC(BATCH)  TSS ADD(TCPIP) DUFXTR    TSS ADD(TCPIP) DUFUPD   

3. Authorize users accordingly to the TCP/IP Facility:

   TSS ADD(myuser) FAC(TCPIP) 

4. Update the TCP/IP IPINIT deck for security:

   DEFINE SECURITY,DRIVER=BSSTISX,DATA='ANONYM,ANONYM,'                          (This statement means that the security is activated via BSSTISX and the    ANONYMOUS userid will be ANONYM and password ANONYM on TCP/IP point of view)  

5. Define the 'ANONYMOUS' userid in Top Secret with a password, so it cannot be signed on without the password.

   TSS CREATE(ANONYM) NAME('ANONYMOUS TCPIP')  PASSWORD(anypassword,0) -                                           TYPE(USER) DEPT(DEPT) 

6. Add a '// ID' statement to the TCP/IP startup JCL:
   

   // ID USER=TCPIP,PWD=password 

Please see Product Information Bulletin (PIB) RI07005 for more information.