When hardening an Enterprise Server installation, review the following steps. Consult the topics in this document and the related ones in your product Help for more information.
- Disable unneeded features: reduce the attack surface by disabling any features you are not using in Enterprise Server and in your enterprise server regions.
- Use ESF: use the External Security Facility (ESF) with LDAP-based security for a comprehensive set of security controls. The legacy security mechanisms (MFDS Default Security and CAS SNT) are not sufficient.
- Eliminate well-known credentials: remove all of the default accounts, or change their passwords. Assign passwords to the default and system accounts that have none in the sample configuration: mfuser, CICSUSER, IMSUSER, and JESUSER.
- Enable additional controls: enable the security controls that are not enabled in the sample security configuration.
- Restrict administrative access: create resource access control rules to restrict what non-privileged users can do with the administrative user interfaces, utility programs, and APIs.
- Restrict remote program execution: apply the various mitigations that make it more difficult for attackers to execute arbitrary code or abuse existing applications and programs.
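The "eliminate well-known credentials" step is the one most easily verified mechanically. The following is an added example, not Micro Focus code or part of this document: a small audit script that reads an LDIF export of the user entries that ESF's LDAP-based security consults, reports which of the sample-configuration accounts (mfuser, CICSUSER, IMSUSER, JESUSER) still exist, and flags any that have no password set. The LDIF parser handles folded continuation lines and base64 (`::`) values so it works on real directory exports; the attribute names it looks at (`cn`, `uid`, `userPassword`) are the generic LDAP ones and are an assumption to adjust for the schema your directory uses, and the embedded LDIF is a constructed sample.

```python
"""Audit an LDIF export for the well-known Enterprise Server default accounts.

Hypothetical defender-side check, not Micro Focus code. Attribute names
(cn, uid, userPassword) are assumed generic LDAP names; adapt to your schema.
"""
import base64

# Default accounts named in the hardening checklist (matched case-insensitively).
WELL_KNOWN_ACCOUNTS = {"mfuser", "cicsuser", "imsuser", "jesuser"}

# Constructed sample export, not taken from any real system.
SAMPLE_LDIF = """\
# mfuser keeps its sample password, CICSUSER/IMSUSER have none, JESUSER was removed
dn: cn=mfuser,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: mfuser
description: Default admin account from the sample
  configuration
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

dn: cn=CICSUSER,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: CICSUSER

dn: cn=IMSUSER,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: IMSUSER
userPassword:

dn: cn=alice,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
cn: alice
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=
"""


def parse_ldif(text):
    """Parse LDIF text into a list of {attribute: [values]} dicts.

    Unfolds continuation lines (a leading space continues the previous line),
    decodes base64 values written as 'attr:: value', skips '#' comments, and
    treats blank lines as record separators. Attribute names are lowercased.
    """
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # LDIF folding: drop exactly one space
        else:
            logical.append(raw)

    entries, current = [], {}
    for line in logical + [""]:             # trailing "" flushes the last entry
        if line.strip() == "":
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if value.startswith(":"):           # 'attr:: base64'
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        current.setdefault(name, []).append(value)
    return entries


def audit_default_accounts(entries):
    """Return {account: has_password} for every well-known account still present.

    An account counts as having a password only if it carries a non-empty
    userPassword value; an absent or empty attribute is reported as False.
    """
    found = {}
    for entry in entries:
        for name in entry.get("cn", []) + entry.get("uid", []):
            key = name.lower()
            if key in WELL_KNOWN_ACCOUNTS:
                has_pw = any(v != "" for v in entry.get("userpassword", []))
                found[key] = found.get(key, False) or has_pw
    return found


if __name__ == "__main__":
    for account, has_pw in sorted(audit_default_accounts(parse_ldif(SAMPLE_LDIF)).items()):
        status = "has a password (change it if it is still the sample value)" if has_pw else "NO PASSWORD SET"
        print(f"{account}: {status}")
```

Run it against a real export with `ldapsearch -LLL ... > users.ldif` and feed the file contents to `parse_ldif`; any account that appears in the result should be removed or given a new password, and one reported with `False` is an immediate finding.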