× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 1998

Re: Connect via PC

John and Booth,
My best answer is to read the AS/400 book "Tips and Techniques for
Securing the AS/400", SC41-3300, or SC41-5300, depending on your release.
This book has a chapter on "Securing your APPC communications" and
another on "Securing you TCP/IP communications".

In general, with TCP/IP, security is dependant on the application they
are connected to.  With APPC, it is possible to do some things with
either QUSER authority, or the authority of the user profile that started
the initial connection.

I've interspersed comments below.

John Earl wrote:
>boothm@ibm.net wrote:
>
>> I ask this because I am curious.
>>
>> If someone does reach an AS/400 sign-in screen, can they get in if the
>> instructions from IBM have been followed about service passwords, etc.?
>
>Depends.  If they're connected via TCP/IP, (and no password sniffing is 
>assumed),
>then I think not.  If they're connected via SNA using Client Access, Rumba,

It really depends what application they're connected to.  The
security may be great, or it may be non-existant.

>Rally!, etc, then definetly yes.  A signon screen presented during an SNA
>connection implies that the router is connected and active.  Many things can be
>done to an AS/400 over an active SNA router (ODBC updates, file transfer, 
>Remote
>Command, etc.) without ever signing on to the 5250 green screen.
>
>Everyone who has SNA PC connections active on their AS/400 should view them as
>posing the same security risk as signed on  but anattended 5250 terminal.
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Well, a 5250 terminal with either the router user-profile signed on, or
QUSER signed on.  the key is to give QUSER or the 'router user-profile'
limited access to your AS/400.

> -SNIP -
>
>> -----------------------------------------------------------
>> boothm@ibm.net
>> Booth Martin
>> -----------------------------------------------------------
>>
>--
>John Earl
>PowerTech Toolworks
>johne@toolnet.com
>253-858-7388

Marty Keech, IBM AS/400 APPC, Payment Server, 'n Stuff
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.