BMS 3270 Intrusion Detection Service

This feature allows CICS® to detect if a 3270 emulator has invalidly modified a protected field generated by a BMS map. You can opt into this capability with a feature toggle, as described in Specifying feature toggles.

Modification of protected fields might compromise the security of an application. This feature works together with the 3270 Intrusion Detection Service provided by IBM® Communications Server. If configured, IBM Communications Server handles protection of all 3270 applications.

When both services are enabled, CICS handles BMS-generated 3270 data and IBM Communications Server handles non-BMS 3270 data. Enabling both ensures full coverage of all 3270 applications, while using BMS maximizes performance and enhances the information returned about any intrusion.

See 3270 Intrusion Detection Service in z/OS Communications Server: SNA Network Implementation Guide for the configuration and usage of 3270 IDS.

Note: If you need to configure BMS 3270 IDS to be specific about which applications or maps the service applies to, you can also use the URM DFHBMSX to configure BMS 3270 IDS. In general, this would only be necessary if an application made unusual use of the 3270 data stream and reported false hits.

Feature toggle

com.ibm.cics.bms.ids={true|false}

Configuration options

com.ibm.cics.bms.ids.action={abend|ignore|log}
    Specifies how CICS handles the detection of a protected field that is overwritten by a 3270 emulator. The values are as follows:
    abend
        CICS abends transaction ABSX.
    ignore
        CICS does not take any action.
    log
        CICS issues a DFHTF0200 message with the details of the overwrite. This is the default.

    This configuration option sets the default that is passed to the URM DFHBMSX. If you want to configure the CICS action in a more granular way, use the URM DFHBMSX for configuration. The URM DFHBMSX overrides this configuration option.

com.ibm.cics.bms.ids.vtamignore={true|false}
    Specifies whether CICS informs IBM Communications Server that it is taking responsibility for checking the data when it is sending 3270 data related to a BMS request. This notifies IBM Communications Server's intrusion detection services that it can ignore the request. Use this option only under the guidance of IBM service.
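
The following is an added example, not IBM-supplied code: a small Python audit that reads feature toggle text and reports how the BMS 3270 IDS settings described above combine. It assumes the toggles are written as name=value lines with '#' comment lines, and that values are matched exactly as documented; the function names and the sample input are constructed for illustration.

```python
# Added example: audit BMS 3270 IDS settings in feature toggle text.
# Keys and allowed values are the ones documented on this page.
PREFIX = "com.ibm.cics.bms.ids"
ALLOWED = {
    PREFIX: {"true", "false"},
    PREFIX + ".action": {"abend", "ignore", "log"},
    PREFIX + ".vtamignore": {"true", "false"},
}

def parse_toggles(text):
    """Return {name: value}. Assumed syntax: name=value lines, '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings for the BMS 3270 IDS settings in text."""
    s = parse_toggles(text)
    findings = []
    for name, allowed in ALLOWED.items():
        # Assumption: values are matched exactly as documented (lowercase).
        if name in s and s[name] not in allowed:
            findings.append(f"{name}: unrecognized value {s[name]!r}")
    enabled = s.get(PREFIX) == "true"
    if not enabled:
        findings.append(f"{PREFIX} is not 'true': BMS 3270 IDS is not opted into")
        for name in (PREFIX + ".action", PREFIX + ".vtamignore"):
            if name in s:
                findings.append(f"{name} is set but the feature toggle is off")
    action = s.get(PREFIX + ".action", "log")  # 'log' is the documented default
    if enabled and action == "ignore":
        findings.append("action=ignore: overwrites are detected but no action "
                        "is taken unless the URM DFHBMSX overrides it")
    if PREFIX + ".vtamignore" in s:
        findings.append("vtamignore is set explicitly: the page says to use it "
                        "only under the guidance of IBM service")
    return findings

# Constructed sample input, not taken from a real region.
SAMPLE = "# constructed sample\ncom.ibm.cics.bms.ids=true\ncom.ibm.cics.bms.ids.action=ignore\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Because the URM DFHBMSX overrides the action option, a clean result here describes only the default that CICS passes to the URM, not the action taken for every map.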