- Differentiating Rules for Inbound/Outbound Dialogs and for TCP/UDP Protocols
- Initialized Security Environment
- Determining the Current TCP/IP End System Security State
- Enabling or Disabling TCP/IP End System Security
- Loading a Rules File
- Changing to Another Rules File
- Reviewing Security Rule Violations
- Authorizing the Use of Well-Known TCPIP Ports
An administrator can invoke a security facility to monitor and control TCP/IP traffic to and from ClearPath MCP servers. Such security is critical in today's Internet-oriented operating environment. Unrestricted access can result in compromised data, corrupted program or data files, and serious service disruptions.
TCP/IP end system security applies to the TCP, UDP, and ICMP protocols, with both IPv4 and IPv6 addresses.
When TCP/IP end system security is running, the TCPIPSECURITY library controls the TCP/IP security function. Essentially, security is maintained by evaluating every TCP/IP dialog establishment against a set of Deny and Allow rules provided in an active rules file.
- If the TCPIPSECURITY library is SLed (installed by means of the SL system command), end system security is enabled. Otherwise, it is disabled.
- If TCP/IP end system security is enabled and there is no active rules file, the system fails closed: complete security is assured because all TCP/IP dialog establishment requests fail.
- If there is an active rules file, then
  - A request fails if it matches a Deny rule.
  - A request fails if it does not match any Deny or Allow rule.
  - A request is allowed only if it matches an Allow rule and does not match any Deny rule; that is, Deny rules take precedence over Allow rules, and anything not explicitly allowed is denied.
- For every request failure, a TCP/IP SECURITY REPORT log entry is made in the SUMLOG.
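The decision order above (security disabled, no active rules file, Deny match, Allow match, default deny, with a SUMLOG entry for each failure) as an added worked example. This is illustrative code written for this page, not code from the MCP product or the TCPIPSECURITY library: the rule fields, the CIDR address matching, the rule and request values and the log line text are all constructed assumptions. The real rules file syntax and the SUMLOG record layout are defined in the MCP Security Overview and Implementation Guide. The example also exercises the inbound/outbound, TCP/UDP/ICMP and IPv4/IPv6 distinctions the section lists, which the bullets alone do not show.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


# Constructed rule model for illustration. The real MCP rules-file syntax is
# defined in the MCP Security Overview and Implementation Guide; these field
# names and the CIDR notation are assumptions, not the MCP format.
@dataclass(frozen=True)
class Rule:
    action: str                        # "DENY" or "ALLOW"
    direction: str = "ANY"             # "INBOUND", "OUTBOUND" or "ANY"
    protocol: str = "ANY"              # "TCP", "UDP", "ICMP" or "ANY"
    remote_net: Optional[str] = None   # CIDR (IPv4 or IPv6); None = any address
    local_port: Optional[int] = None   # None = any port (ICMP has none)

    def matches(self, req: "DialogRequest") -> bool:
        if self.direction != "ANY" and self.direction != req.direction:
            return False
        if self.protocol != "ANY" and self.protocol != req.protocol:
            return False
        if self.remote_net is not None:
            net = ipaddress.ip_network(self.remote_net, strict=False)
            addr = ipaddress.ip_address(req.remote_addr)
            # An IPv4 rule never matches an IPv6 peer and vice versa.
            if addr.version != net.version or addr not in net:
                return False
        if self.local_port is not None and self.local_port != req.local_port:
            return False
        return True


@dataclass(frozen=True)
class DialogRequest:
    direction: str                     # "INBOUND" or "OUTBOUND"
    protocol: str                      # "TCP", "UDP" or "ICMP"
    remote_addr: str                   # IPv4 or IPv6 literal
    local_port: Optional[int] = None   # None for ICMP


def evaluate(rules: Optional[List[Rule]], req: DialogRequest,
             enabled: bool = True, sumlog: Optional[list] = None) -> bool:
    """Decide one dialog establishment request in the order the text gives:
    security disabled -> allow; no active rules file -> fail closed;
    any Deny match -> fail; otherwise an Allow match -> allow; else fail."""
    if not enabled:
        return True
    if rules is None:
        allowed, reason = False, "no active rules file"
    elif any(r.action == "DENY" and r.matches(req) for r in rules):
        allowed, reason = False, "matched Deny rule"
    elif any(r.action == "ALLOW" and r.matches(req) for r in rules):
        allowed, reason = True, "matched Allow rule"
    else:
        allowed, reason = False, "no matching rule (default deny)"
    if not allowed and sumlog is not None:
        # Constructed log line; the real SUMLOG record layout is not shown here.
        sumlog.append(f"TCP/IP SECURITY REPORT {req.direction} {req.protocol} "
                      f"remote={req.remote_addr} port={req.local_port}: {reason}")
    return allowed


# Constructed rules file (documentation address ranges): deny one network
# outright, then allow HTTPS from anywhere, SSH from one management network,
# IPv6 ICMP from one prefix, and every outbound dialog.
RULES = [
    Rule("DENY", "INBOUND", "ANY", "203.0.113.0/24"),
    Rule("ALLOW", "INBOUND", "TCP", None, 443),
    Rule("ALLOW", "INBOUND", "TCP", "198.51.100.0/24", 22),
    Rule("ALLOW", "INBOUND", "ICMP", "2001:db8::/32"),
    Rule("ALLOW", "OUTBOUND"),
]

# Constructed dialog establishment requests.
REQUESTS = [
    DialogRequest("INBOUND", "TCP", "198.51.100.7", 443),   # Allow: HTTPS
    DialogRequest("INBOUND", "TCP", "203.0.113.5", 443),    # Deny beats Allow
    DialogRequest("INBOUND", "TCP", "192.0.2.9", 22),       # no rule: default deny
    DialogRequest("INBOUND", "ICMP", "2001:db8::1"),        # Allow: IPv6 ICMP
    DialogRequest("OUTBOUND", "UDP", "192.0.2.53", 53),     # Allow: outbound
]


def run_demo(rules=RULES):
    """Evaluate the sample requests; return (decisions, SUMLOG entries)."""
    sumlog: list = []
    decisions = [evaluate(rules, r, sumlog=sumlog) for r in REQUESTS]
    return decisions, sumlog


if __name__ == "__main__":
    decisions, sumlog = run_demo()
    for req, ok in zip(REQUESTS, decisions):
        print("ALLOW" if ok else "DENY ", req)
    print("\n".join(sumlog))
```

Two points are worth noticing when running it. The second request is denied even though it also matches the HTTPS Allow rule, because a Deny match is checked before any Allow rule is considered; and passing `rules=None` (no active rules file) denies every request and writes a report entry for each, which is the fail-closed behaviour the text describes.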
The system security administrator must establish system-specific security rules, encode them in a rules file, provide ongoing maintenance of these rules, and regularly analyze the rule violations reported in the SUMLOG. For details about these security-related tasks, refer to the MCP Security Overview and Implementation Guide. Note that any number of rules files can be defined; however, only one rules file can be in use at any time.
You can add, delete, modify, and test rules files by using the MCP TCP/IP Filtering component of Security Center. Refer to the MCP Security Overview and Implementation Guide and the Security Center Help for information on using MCP TCP/IP Filtering.