× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2000

Re: AS/400 access through the Internet

  • Subject: Re: AS/400 access through the Internet
  • From: "Steve Glanstein" <mic@xxxxxxxxx>
  • Date: Thu, 15 Jun 2000 15:48:49 -1000
  • Importance: Normal
 
Dave:

Recommend using SSL on V4R4...you can make a certificate that goes into the
browser of the client and verifies that the client is talking to the AS/400.
Then you can lock out the non-SSL ports in the firewall as well as on the
AS/400 host. The data is entirely encrypted and the 128 bit encryption looks
like the way to do.

If this network admin. needs a demo, get 5769-AC3, 5759-CE3, 5769-SS1
options 34 & 35, use the HTTP (*ADMIN) server to setup digital certificates,
get authority to the proper directories using the procedures in the Redbook
(SG24-5191), install Client Express on a lan PC, install the digital
certificates, check off SSL, start a communications trace, and see if the
network admin. can find any user ids, password, or any other data.. (Whew,
that was a large sentence!)

<btw> see if your firewall is configured from "outside" of the network by an
"outside" software vendor. SSL is surely better than that approach...

>I have installed Client Access Express on company PCs so the users can
>sign on to the AS/400 through internet access. Everything  works fine. I
>had the Network Administrator open only 6 ports on our firewall to allow
>the access. This was done with the help of the IBM Support line.
>Now the Network Administrator wants to close the ports because it is too
>dangerous to have them open. Someone with a sniffer could detect User-id
>and passwords.

>I suggested that we upgrade to SSL but that idea was not received with a
>lot of acceptance.

Probably because they don't understand it...

>I would appreciate any suggestions on ways to make the connection secure.

Good luck,

Steve Glanstein
mic@aloha.com

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.