Actually, there is a real security risk with opening anything up to the internet. Hackers gain access by patience more than anything else. I think that a VPN, although not 100% secure in itself, combined with the log on to the AS/400 provides a very secure situation. Then, if someone wanted access to your AS/400 they would have to break into the VPN and then still have to guess the passwords.

Make sure that all passwords for default accounts are changed! It is possible for anyone to gain a list of the default passwords for AS400 system accounts. In fact, I was in a book store once and ran across a hacker magazine, 2600. I opened it up and was glancing through it and saw a section on hacking into an AS/400. I bought the magazine and took it to work, and closed the security holes it exposed. I think all the security holes it exposed were the default passwords.

Once a knowledgeable person is in your system, with whatever password, there are ways they can attempt to gain further access. Perhaps the account they are using doesn't have that much authority, but if they can find out other accounts on the system, they can try to gain access to their accounts.

Unfortunately, the mindset now seems to be that there are so many computers on the internet, what are the odds that someone is going to try to hack into our system? Well, if you're a Fortune 500 or government, the odds are about 100%. Maybe even a little higher <g>. If you're some small business, odds are small, oh, but what about that disgruntled employee that was let go? Even if he doesn't know that much about computers, he can banter your name about if he wants.

The AS/400 in and of itself is a very secure machine, if it is set up properly, but once you give exposure to it, the security drops. Consider this: would you put a machine with an AS/400 sign on to your system out on the street for anyone to come along and play with?
That is basically what you are doing with allowing telnet to your AS/400 without any other security.

Gary L Peskin wrote:

> Dale --
>
> Why not propose a VPN (Virtual Private Network) solution? This will
> encrypt all traffic between the client and the host or firewall,
> depending on how you set it up.
>
> I don't fully understand how opening the firewall to VPN Telnet/FTP
> traffic would allow someone to defeat the firewall by "poking around."
> Perhaps you could get specifics on this.
>
> There are plenty of companies that allow this type of remote access.
>
> Gary
>
> "Draper, Dale" wrote:
> >
> > I forwarded some of your emails to our network guy asking him if he could
> > configure this for a couple of our offsite people, this was his reply:
> >
> > "yes. one big one.. SECURITY.!!! i would open a hole in the FW to allow
> > all ipaddresses to that machine. over the specific ports... but one may
> > defeat the firewall by trying to poke around and possibly gain wrong
> > access.. i have strong feelings against this and would have to be taken up
> > with the director."
> >
> > Are his concerns warranted, or is he being careful out of ignorance?
> >
> > Dale Draper
> > Sega Enterprises, Inc. (USA)
> > Dale.Draper@seu.sega.com
> >
> > > -----Original Message-----
> > > From: Carl Galgano [SMTP:cgalgano@ediconsulting.com]
> > > Sent: Monday, August 23, 1999 1:19 PM
> > > To: MIDRANGE-L@midrange.com
> > > Subject: Re: Internet to AS/400 session
> > >
> > > Joe:
> > > You need to talk to your firewall folks. The firewall must allow inbound
> > > telnet traffic and route it to the proper port (probably 23) on the
> > > internal IP address of the AS400. It is really hard to give you any
> > > specific advice without knowing your firewall and configuration. Good
> > > luck. It IS definitely possible.
> > > CJG
> > > Carl Galgano
> > > EDI Consulting Services, Inc.
> > > 540 Powder Springs Street
> > > Suite C19
> > > Marietta, GA 30064
> > > 770-422-2995
> > > mailto: cgalgano@ediconsulting.com
> > > http://www.ediconsulting.com
> > > EDI, Communications and AS400 Technical Consulting
> > >
> > > -----Original Message-----
> > > From: Joe.Lutterman@wengercorp.com <Joe.Lutterman@wengercorp.com>
> > > To: MIDRANGE-L@midrange.com <MIDRANGE-L@midrange.com>
> > > Date: Monday, August 23, 1999 4:06 PM
> > > Subject: Internet to AS/400 session
> > >
> > > >Does anyone know how to obtain access to an AS/400 session from an
> > > >internet connection?
> > > >I also have a firewall between internet and AS/400.
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.