1. Make sure the client PCs are running antivirus software and personal firewall software. This needs to be a requirement and not an option. Practically any of the available packages will suffice, but consider that to be mandatory. Any system, local or remote, that has access to your network should be considered a potential entry point for hackers. If possible, add a spyware remover like Ad Aware.

2. Have the remote folks VPN to your network. Have additional firewall/router rules to restrict their access to just the systems/ports they'll use, i.e. just the iSeries' IP address & CAE ports but not your file & print servers. Your remote users now have secure access to the iSeries and whatever other services you allow them to get access to. No messing with SSL or anything else required as the VPN provides your security layer. Your iSeries itself is unmodified.

3. If your developers are internal, do you need to secure their 5250 sessions? Properly configured, outside resources can't see their traffic and if there are insiders sniffing the wire you've got bigger problems. If your developers are external, have them use the VPN like the external users.

I periodically telecommute so I VPN in to the corporate network. From there I can access our systems, full email, etc. No concern about security because the VPN provides it.

The one caveat about VPNs: Any internet access done while a VPN is connected will generally route to the internet through the VPN. So if your clients VPN to you and then go surfing to Yahoo, download movie trailers, whatever, it'll use your bandwidth. We instituted a severe restriction on internet access through the VPN.

As far as webifying your 5250 apps, others can speak to this.
- John

-----Original Message-----
From: Gerald Kern [mailto:gkern@xxxxxxxxxxxxxxxxxxx]
Sent: Tuesday, April 08, 2003 6:34 AM
To: midrange-l@xxxxxxxxxxxx
Subject: VPN & web enabling applications

Let me first say that I am looking for general direction and bullet points for achieving the objective. Suggested manuals, redbooks, links to appropriate websites would be appreciated, as well as any general summary of recommended direction.

OBJECTIVE: Develop a strategy to enable secure, stable web based/browsing and CAE/400 access to our iSeries applications.

Our organization is a large medical facility supporting over 100 physicians onsite, and it will also require additional support for multiple (30+) remote locations. I would like to provide support to users via browsers for 5250 apps (something along the lines of CGIDEV2 perhaps?), along with the iSeries developers who will be using traditional CAE/400 5250 to do development (some code/400 users too), remote support and testing, as well as access the apps too.

We have two iSeries, one for production and one for development - the development system is also our production Domino email server. Our iSeries apps are a mix of old Sys/38 code, some RPG/400 and a lot of newly developed & deployed ILE RPG using embedded SQL with bound modules, prototyped procedures, subprocedures and so forth (with activation groups of *CALLER). To my knowledge, webfacing is not a practical solution at this point due to the nature of our heavily influenced ILE applications, which will most likely be the majority of applications to be accessed.

My first step will be to utilize VPN to access our Novell Network thereby providing the link to two iSeries systems. My first goal is to establish the VPN connections and ensure that they are stable and totally secure to both the iSeries. The next step will be to provide secured telnet 5250 access to both systems to the developers.
Once this is established, stable, and secure, we will then determine which apps to web-enable and choose the method to achieve web-enablement based on the underlying nature of the chosen app(s). I'm not sure what Websphere has to offer in terms of support for this project, only because I have limited resources ($$$ and bodies), and also little time to devote to Websphere & Java type training.

For the most part, this is being done as "proof of concept" for upper management. Most likely I will be doing most of the work here too. I'm only looking for the 30,000 ft overview. Comments and general directions and suggestions will be greatly appreciated. This can be taken offline if anyone cares to go much deeper into this than is practical here.

Thanks,
Gerald Kern
gkern@xxxxxxxxxxxxxxxxxxx

This e-mail is for the use of the intended recipient(s) only. If you have received this e-mail in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not use, disclose or distribute this e-mail without the author's prior permission. We have taken precautions to minimize the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.