× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MI400
  3. June 2001

RE: No single case of hacking...

  • Subject: RE: No single case of hacking...
  • From: "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
  • Date: Thu, 7 Jun 2001 10:12:45 -0500
  • Importance: Normal
 
Leif, while I agree my machine doesn't prove much about AS/400 security, it
does prove a lot about Internet security. <grin>

My machine is not "locked down too tight".  It is a fully functional web
server, and can also be used to run web-enabled applications.  What more do
you think "should" be open?  Certainly not Telnet or FTP.  It just so
happens that I know full well that the only thing an anonymous user should
be able to do over the web is access the HTTP server.  Anything more and
you're an accident waiting to happen.

On the other hand, if I were to give you the appropriate passwords, etc.,
you could also access my machine through 5250 - I just don't make that sort
of information public.  Which is the way it's supposed to be.

On the third hand, if this were a Microsoft IIS server, you could break
through one of the many known security holes and get into my server and thus
my system, even with just port 80 access.  In this regard, the IBM HTTP
server is a much more secure web server than IIS.

Joe



> -----Original Message-----
> From: owner-mi400@midrange.com [mailto:owner-mi400@midrange.com]On
> Behalf Of Leif Svalgaard
> Sent: Thursday, June 07, 2001 9:18 AM
> To: MI400@midrange.com
> Subject: Re: No single case of hacking...
>
>
> Joe's machine is locked down too strongly for this.
> No ping, no ftp, no telnet, only serving webpages.
> It's like saying: "I'm secure, I allow noone on my machine,
> no programmers, no signons, no restore, no nothing.
> sure in this way you can be secure. Also as an additional
> measure: turn off the machine.
> So this is an extreme case and therefore does not
> prove that the AS/400 is vastly ahead re security.
>

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.