The instances you describe are discipline related. You are monitoring how
the workers are working, checking for their web habits. It's no different
than monitoring phone conversations to be sure workers are not doing
excessive personal stuff on Company time. This is a personnel issue, not
security. So far as types of services, isn't that controlled by the
servers themselves?

I can buy into the gateway type of approach of course, and which services
pass through the gateway. But that's a gateway, not a firewall.

So far as being barraged by code red viruses at home... me too. They seem
to phone with their best deals right at dinner time.

I am not trying to be a wiseazz with these comments. I am trying to focus
my thoughts on the purposes and the benefits. The firewall buzz has become
a mantra and the goal has been lost imho.

My little linksys 4-port router does all the firewall services I feel I need
and it'll handle 256 devices for under $100.




---------------------------------------------------------
Booth Martin   http://www.MartinVT.com
Booth@MartinVT.com
---------------------------------------------------------

-------Original Message-------

From: midrange-l@midrange.com
Date: Thursday, April 11, 2002 11:43:09
To: 'midrange-l@midrange.com'
Subject: RE: Firewall in AS400

These days, I wouldn't think of connecting to the internet without some type
of firewall.

Are you asking what a firewall is supposed to do? It basically allows or
denies specific types of internet or LAN traffic between the untrusted side
of the firewall (usually a DMZ or the Internet) and the "trusted" side of
the firewall (usually the LAN, sometimes DMZ).

Does one need graphs to see a firewall's effectiveness? Not really. I see
proof of my firewall's operation in a number of ways:
1. Services I do not want to let the world see (Windows file sharing,
Telnet, general local LAN traffic) are not routed to the internet and are
blocked at the firewall
2. I only want specific services "published" to the internet (incoming SMTP,
incoming HTTP, incoming Secure Shell). Other access initiated by the outside
world is denied.
3. I want to restrict the activities of using the internet with respect to
the local network. For example, the firewall can block outgoing
Napster/Gnutella/peer-to-peer file sharing (note that p2p over HTTP cannot
be blocked).
4. I want to log the kind of traffic occurring between my LAN and the
internet. Not necessarily for reason 3, but to say "most internet traffic on
our LAN is web surfing related" or "most traffic is email (SMTP) related".

A firewall is decent by itself, but its real power comes into play when
intrusion detection software is installed. My network at home is constantly
barraged by code red type viruses. For me, since I use Apache as a web
server on *NIX, those requests are implicitly dropped (no cmd.exe on my
system). An IDS can note these occurrences, as well as port scans and direct
DOS attacks. I can call up a report of how many times I was attacked, by
which method, from which host, etc.

Selling point or not, I would not connect a computer "naked" to the internet
per the above. I have outlined a general network above, but this also
applies to the AS/400. Today, you want as many layers of protection between
you and the internet as possible. They won't be 100% effective, in light of
finding bugs in published services, setup error, operations error, or
outright sabotage, but it greatly reduces the risk.

Or did I miss the point entirely? :)

Loyd


-----Original Message-----
From: Booth Martin [mailto:Booth@MartinVT.com]
Sent: Thursday, April 11, 2002 10:01 AM
To: midrange-l@midrange.com
Subject: RE: Firewall in AS400


I understand the politically correct position of needing a firewall. The
implication of the "firewall" name is that a needed and effective additional
level of security is somehow provided by installing a firewall with a
wonderful set of graphs that portray horrendous scenarios of a worldwide
conspiracy.

Is that true? The answer is of course "Yes, dummy, it's absolutely
essential." But what does it really do? Does it amount to anything useful
from a security perspective?

I am completely aware of the political discussions and the sales person's
sales pitch. I'd like some facts though.

---------------------------------------------------------
Booth Martin http://www.MartinVT.com
Booth@MartinVT.com
---------------------------------------------------------
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
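
The four points in Loyd's message, written out as a first-match packet-filter policy with a traffic summary. This is an added example, not part of the thread; the rule table, the `decide` and `summarize` helpers and the sample flows are constructed for illustration, and only well-known default port numbers are assumed.

```python
# Added illustration; rule set and sample flows are constructed, not from the thread.
from collections import Counter

# Well-known default ports for the services named in the message.
SERVICES = {25: "smtp", 80: "http", 22: "ssh", 23: "telnet",
            139: "netbios-ssn", 445: "microsoft-ds", 6346: "gnutella"}

# (direction, destination port or None for any, action); first match wins.
RULES = [
    ("in", 25, "allow"),     # point 2: published services
    ("in", 80, "allow"),
    ("in", 22, "allow"),
    ("in", None, "deny"),    # points 1 and 2: Telnet, file sharing, all else
    ("out", 139, "deny"),    # point 1: Windows file sharing stays on the LAN
    ("out", 445, "deny"),
    ("out", 6346, "deny"),   # point 3: Gnutella's default port
    ("out", None, "allow"),  # remaining outbound traffic (web, mail, ...)
]

def decide(direction, dst_port):
    """Return the action of the first rule matching a new connection."""
    for rule_dir, rule_port, action in RULES:
        if rule_dir == direction and rule_port in (None, dst_port):
            return action
    return "deny"  # fail closed if no rule matches

def summarize(flows):
    """Point 4: count (direction, service, action) over a list of flows."""
    log = Counter()
    for direction, dst_port in flows:
        service = SERVICES.get(dst_port, f"port-{dst_port}")
        log[(direction, service, decide(direction, dst_port))] += 1
    return log

# Constructed sample: (direction, destination port) of each new connection.
SAMPLE_FLOWS = [("out", 80), ("out", 80), ("out", 80), ("out", 25),
                ("in", 25), ("in", 445), ("in", 23), ("out", 6346),
                ("out", 80)]  # last flow: p2p carried over HTTP looks like web

if __name__ == "__main__":
    for key, count in summarize(SAMPLE_FLOWS).most_common():
        print(count, *key)
```

The last sample flow shows the caveat from point 3: a filter that sees only ports counts p2p carried over HTTP as ordinary web traffic and allows it.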
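
The kind of report Loyd describes getting from an IDS (how many times, by which method, from which host), sketched over Apache access-log lines. This is an added example, not part of the thread; the `report` helper, the two signatures and the log lines are constructed, and the addresses come from documentation ranges.

```python
# Added illustration; signatures and log lines are constructed for the example.
import re
from collections import Counter

# Request-path markers left in web logs by IIS-targeting worms.
SIGNATURES = {
    "code-red (default.ida)": re.compile(r"/default\.ida\?", re.I),
    "cmd.exe probe": re.compile(r"cmd\.exe", re.I),
}

# Apache common log format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def report(lines):
    """Count (source host, method, HTTP status) for matching requests."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        host, path, status = m.groups()
        for name, pattern in SIGNATURES.items():
            if pattern.search(path):
                hits[(host, name, status)] += 1
                break
    return hits

# Constructed sample log; 192.0.2.0/24 etc. are documentation addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Apr/2002:09:01:12 -0400] '
    '"GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276',
    '192.0.2.10 - - [11/Apr/2002:09:05:40 -0400] '
    '"GET /default.ida?NNNNNNNNNNNN HTTP/1.0" 404 276',
    '198.51.100.7 - - [11/Apr/2002:09:07:03 -0400] '
    '"GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 290',
    '203.0.113.5 - - [11/Apr/2002:09:08:15 -0400] '
    '"GET /index.html HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for (host, method, status), count in report(SAMPLE_LOG).most_common():
        print(f"{count:3d}  {host:15s} {method:24s} HTTP {status}")
```

On a server without the targeted software every hit carries a 404, matching the "no cmd.exe on my system" remark; a 200 in that column is the line to investigate.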

