Sorry - I did not mean to imply that it was more secure -
I should have been more "obvious" to my cringing at the
very thought of opening up port 23 -

But then again, a truly secure 400/Network,
is not attached to ANY outside forces, not even dial-up,
and has fingerprint or retina scanning authorization to
use the on-site equipment (which as you know both can
be fooled by anyone who is really ambitious)

IF you must have access to "green screen" over the internet,
VPN is your best bet - but have you looked into alternatives
to rumba for green screen emulation -

I have used a product called mocasoft (the 5250 version)
simple, small footprint, and cheap -
Their site claims to have a web/java version - which my
assumption would be that only port 80 would be open -
also something that I do not recommend -
Going the SSL route would be better, but almost as much
"work" as going VPN.

In the end, IF you must go through the internet,
it is your firewall that will protect you -
configure it carefully, and hide yourself as much
as possible from the outside world.
You should even be able to reject port scanners -
if you are configured properly on your connection.

And even with all this - make sure the people coming
in are secured too (whether dial-up/vpn/internet) -
if they do not have virus protection, you are not
protected.

I understand your position (going for cheap/quick/easy)
it's the way the people holding the check book want to go -
don't let them, hold out for going secure, and test/test/test
before you release it; whichever way you end up going.

-Mark


-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com]On Behalf Of Hall, Philip
Sent: Tuesday, December 03, 2002 2:15 PM
To: midrange-l@midrange.com
Subject: RE: Remote Access (Again)



> IF you must do it this way (vpn is better, but still has holes -
> ask any "old" hacker turned security guru)
> I would (if you can do this) use a different port number at the
> client PC's hooked up to the internet (something obscure)
> and then at your firewall, port forward to your AS/400 ONLY,
> thus keeping the rest of your network hidden.

No, no, no, no, NO. Do not even do it 'this way'

This is, in no way whatsoever more secure[*] than just opening up port 23.

--phil

[*] It will take them (a hacker) maybe a minute or two longer to find the
open port using a port protocol scanner than it would if you use the default
of 23.
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
