I understand the emotional impact of just putting a company's AS/400 on the 
internet, naked, just waiting for pot-shots from who-knows-where.  

The concerns over line sniffing seem no more serious though then the concerns 
one has with tapped phone-lines and snoopers going through the dumpsters.  The 
threats are real of course, and we do have our lines checked and our dumpsters 
are secure and we do know where the trash goes when it leaves the premises, but 
it is all a normal business operation and we weigh our costs vs. our risks.  We 
all have phones and we all have dumpsters.

I am not against security, but take a good look.  The choices may be wider than 
you suspect.  Mission critical is not the same thing as security-sensitive 
information.  Payroll is critical, but I see no real risk to receiving weekly 
time sheet information from remote locations by having them key into a work 
file on the AS/400, or even Ftping a small file for instance.  The risk is 
certainly no worse than the information being faxed or mailed. 

 Not every piece of company information has the same need for security.  No one 
gathers up the company's sales literature every night and locks it in a vault.



In <000a01be6c92$56b24020$0dc810ac@desktop>, on 03/12/99 
   at 09:12 AM, "Jeffrey Silberberg" <jsilberberg@mindspring.com> said:

>Boy,

>        This is a very scary statement.  I would suggest that you think
>very long and hard about putting a valid public IP address directly on
>your AS/400 IF it is running any mission critical applications.  Rather I
>recommend to my customers that they use a private IP address (RFC-1918)
>for there AS/400 and map the connections they wish people to have from
>the Internet to the AS/400 through a FireWall.  Don't map FTP or Telnet
>if all you want is a SSL Web server connection.

-- 
-----------------------------------------------------------
boothm@ibm.net
Booth Martin
-----------------------------------------------------------

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---


This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].