× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2002

RE: Remote Access (Again)

There are many holes with telnet port 23 open to the world,
basically your whole network will be open to hackers to attack,
and do as they please -

IF you must do it this way (vpn is better, but still has holes -
ask any "old" hacker turned security guru)
I would (if you can do this) use a different port number at the
client PC's hooked up to the internet (something obscure)
and then at your firewall, port forward to your AS/400 ONLY,
thus keeping the rest of your network hidden.

Something else to consider, make sure that ping is turned off,
IE: someone pings your router/firewall, they get only a time-out,
that eliminates some of the brute force hacker attacks.

Since it has been 6-8 years since I used Rumba, I do not know if
you can config the PC app, if you cannot, then just use the
port forwarding at the firewall - that's better than nothing.

HTH

Mark Manske


-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com]On Behalf Of Edward Marczak
Sent: Tuesday, December 03, 2002 1:58 PM
To: midrange-l@midrange.com
Subject: Remote Access (Again)


Thanks to everyone who pointed me in the direction of Greenstreak and other
utilities.  While we may look at a new AS/400 soon, I have to get back to
getting some people remote access right now.

I need to allow certain people to access our AS/400 using Rumba and Arpeggio
(part of Rumba) over the Internet.  I've done some traces and I've found
which ports to open on my firewall to make this work.

My real question:  What are the security implications of leaving ports 23
and 449 open to the world?  If it's too nasty, I guess I'm looking at a VPN.
I'd like to avoid that just for the end-user confusion it causes.

Thanks for any tips on this.
--
Ed Marczak

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.