× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



What exactly are you using SSL to protect?  I guess I'll assume you're
protecting telnet/tn5250 logons...

In that case, SSL can be (arguably) more secure than a VPN.  Turn on
client authenticaion, so that the client MUST present a valid certificate,
and have the AS/400 only accept certificates signed by itself.  Very
secure.

And what makes this even more secure than a VPN is that if the remote
system were hacked (the end-user that's offsite) then they'd only be able
to get a sign-on screen.  And with that, they'd have to know a name and
password...   whereas, with a VPN, they'd have access to the whole
network, potentially there'd be something exploitable.

Of course, like everything in computer security, if it's set up poorly
either option could be insecure...

HTH

On Wed, 6 Feb 2002, Roger Vicker, CCP wrote:

> Hello,
>
> For an AS/400 (V5R1M0) tucked behind a firewall would using SSL be
> that much more of a risk than using the firewall's VPN upgrade and
> clients? By opening the needed SSL ports and issuing the certificates
> the cost would be minor compared to VPN. The expected users would not
> need access to other protected network resources so that added
> capability of VPN is not needed.
>
> Thanks for your expertise and opinions,
>
> Roger Vicker, CCP



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.