× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2003

Re: iSeries vs. Unix vs. SQL Server vs. Oracle &Security/Dataseparation???

> Who is suggesting just one firewall?  A company may have several LANs,
each
> offering a point of control within the company.  Each LAN segment may be
> controlled by a different firewall.  Each segment may serve a different
> purpose.  A malevolent person should have no idea of the route to the
> iSeries
> server, or the number of segments a request passes through after
connecting
> to the public IP address, or the purpose of those segments, or what
> protocols are supported on a segment, or what filters or translations a
> message may pass through before connecting to the HTTP server.

What on earth are you talking about? Who cares how many firewalls are
between the public internet and the webserver?  Your firewalls are routing
the traffic for you.  So if you have 5 firewalls, it doesn't matter.  You
still pass the person from outside to the webserver.  And sicne you want to
run your webserver on the iSeries with your database, he doesn't HAVE to
knwo where the iSeries is on the network.  he is already there.

>
> When the malevolent hacker finally connects to the HTTP Server, what will
he
> think when the server responds with something like "Hello, you've just
> connected to HTTP under OS/400"?

This line takes away any piece of credibility you have in this discussion.
So yuo are relying on the security of yuour server because nto many people
know how to deal with an OS/400?  Security through obscurity is wonderful
practice ... so is hiding your head in the sand.

> Why would you suggest that connecting to
> an OS/400 HTTP Server would offer access to "everything"?  It sounds like
> you're trying to pull a fast one!

The same as assuming conencting to IIS gives you "everythign" on the box.
Inherently it doesn't, but a security flaw can be taken advantage of which
could lead to full box comprimisation.


> Concerning the "application layer", shouldn't the question be which
platform
> offers the most secure environment for applications?

ok, and your point?  Run the webserver on an iSeries and run the app layer
and data on an iSeries.  I don't care about that.  I am jsut saying keep the
boxes separate.

> Someone must have suggested that multiple platforms are needed for
security
> purpose, and you believed them.  That's sad.

I think it is even sadder you are arguing this topic and you have no idea
about network security.

> Isn't the real reason for dividing Web services, applications, and
database
> services across multiple tiers in the Wintel world because a single box
> won't handle the workload?

No.

> You really haven't shown that it has anything to
> do with security!

Yes I have.  Repeatedly, but you do not know anything about network
security, or what you do know is inaccurate and incomplete.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.