Modify architected transaction program names

Learn the techniques used to prevent architected transaction program names from running on the system.

Some communications requests send a specific type of signal to your system. Such a request is called an architecture transaction program name (TPN) because the name of the transaction program is part of the APPC architecture for the system. A display station pass-through request is an example of an architecture TPN. Architecture TPNs are a normal way for communications to function and do not necessarily represent a security exposure. However, architecture TPNs might provide an unexpected entrance into your system.

Some TPNs do not pass a profile on the request. If the request becomes associated with a communications entry whose default user is *SYS, the request may be initiated on your system. However, the *SYS profile can run system functions only, not user applications.

If you do not want architecture TPNs to run with a default profile, you can change the default user from *SYS to *NONE in communications entries.

If you do not want a specific TPN to run on your system at all, perform the following steps:
  1. Create a CL program that accepts several parameters. The program should perform no function. It should simply have the Declare (DCL) statements for parameters and then end.
  2. Add a routing entry for the TPN to each subsystem that has communications entries or remote location name entries. The routing entry should specify the following:
    • A Compare value (CMPVAL) equal to the program name for the TPN with a starting position of 37.
    • A Program to call (PGM) value equal to the name of the program that you created in step 1. This prevents the TPN from locating another routing entry, such as *ANY.
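
The following sketch of the two steps, with the default-user change described earlier, is an added example and not IBM-supplied code. The library SECLIB, the program NOTPN, the four-parameter list, sequence number 100, the subsystem QSYS/QCMN, the DEV(*ALL) communications entry, and the compare value TPNPGMNAME (a placeholder for the program name of the TPN you want to block) are all assumptions.

```cl
/* Source member NOTPN: the do-nothing program from step 1.          */
/* The number, type, and length of the parameters are assumptions;   */
/* the program only declares them and ends.                          */
             PGM        PARM(&P1 &P2 &P3 &P4)
             DCL        VAR(&P1) TYPE(*CHAR) LEN(10)
             DCL        VAR(&P2) TYPE(*CHAR) LEN(10)
             DCL        VAR(&P3) TYPE(*CHAR) LEN(10)
             DCL        VAR(&P4) TYPE(*CHAR) LEN(10)
             ENDPGM

/* ----------------------------------------------------------------- */
/* Commands entered after the source member above has been saved.    */
/* ----------------------------------------------------------------- */

/* Compile the program (SECLIB and QCLSRC are hypothetical names).   */
CRTBNDCL   PGM(SECLIB/NOTPN) SRCFILE(SECLIB/QCLSRC) SRCMBR(NOTPN)

/* Step 2: route the TPN to the do-nothing program. Repeat for each  */
/* subsystem that has communications entries or remote location      */
/* name entries. Routing entries are searched in sequence-number     */
/* order, so the number must be lower than that of any *ANY entry.   */
/* TPNPGMNAME is a placeholder, not a real TPN program name.         */
ADDRTGE    SBSD(QSYS/QCMN) SEQNBR(100) +
             CMPVAL('TPNPGMNAME' 37) +
             PGM(SECLIB/NOTPN)

/* Separate control: stop requests that carry no profile from        */
/* running under *SYS by changing the communications entry default   */
/* user to *NONE. Assumes the entry was added with DEV(*ALL).        */
CHGCMNE    SBSD(QSYS/QCMN) DEV(*ALL) DFTUSR(*NONE)

/* Review the routing and communications entries afterwards.         */
DSPSBSD    SBSD(QSYS/QCMN)
```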