Re: protecting your public-facing, web-enabled IBM i from hackers

We have a separate partition that we use. This one is running at level 50 security and has a firewall between it and the internet as well as between it and the internal network. Exit programs are in place to block telnet and FTP traffic originating from it and only the ports we need are specifically open to internal or external networks. We're had it set up this way (except it was originally a separate physical machine) for about 11 years and we've not had any problems with it outside of the occasional DOS attack.

Matt


-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of elehti@xxxxxxxxxxxxxxxxxx
Sent: Friday, August 14, 2009 3:39 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] protecting your public-facing, web-enabled IBM i from hackers

My question to all of you who have public-facing, web-enabled IBM I
machines running your core applications.
How do you secure this machine against possible hacking attempts from
outsiders?

If your website has web apps like self-service for your customers and
suppliers, allowing people to view/change data that resides on your
system, how do you protect your machine?
Or do you keep your system off the internet, and web-enable a secondary
file-server machine instead?

I am aware that thousands of banks and credit unions running their
[censored] core banking applications on the IBM I use a "middleware web
server" that acts as a conduit between the bank customer web page and
the System I, thus enabling banking customers to transact their banking
business without needing a different IBM user profile for each bank
customer. The RPGIV programs running on the System I send and receive
customer-specific information via data queues out to the middleware web
server.