× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. August 2003

RE: iSeries vs. Unix vs. SQL Server vs. Oracle & Security/Datase paration???

Don,

Rob's suggestion for LPAR would probably be the best compromise, but you
could probably get by with as little as a second ethernet interface that's
exclusive to Websphere.  Using TCP/IP filtering, you should be able to limit
any non-http traffic to the web server.  Kludge..... 

I'm sorry, but I can't just say that I think it's alright to just deploy the
iSeries as a web application server without fully understanding the
potential consequences.  I definitely agree that it could be done on a
single server, and that it could be done WELL by the iSeries.  I DON'T think
it's a trivial task.

Eric DeLong
Sally Beauty Company
MIS-Project Manager (BSG)
940-898-7863 or ext. 1863



-----Original Message-----
From: McIntyre Don [mailto:dnmcin@xxxxxxxxx]
Sent: Monday, August 04, 2003 2:21 PM
To: Midrange Systems Technical Discussion
Subject: RE: iSeries vs. Unix vs. SQL Server vs. Oracle & Security/Data
se paration???


--- "DeLong, Eric" <EDeLong@xxxxxxxxxxxxxxx> wrote:
> Don,
> 
> I expect the the recommendations are, generally,
> what is considered best
> practice.  It's generally unsafe to expose your
> critical databases (and
> servers) to the public directly. 

I understand the concept and reasoning behind this.

This practice moots the 1 iSeries Server argument. 
'Now I HAVE to have more than one Server to provide
proper security'.  And it doesn't matter if the
deployment server is iSeries (according to the
'Experts')
  
Now what I believe and reality may not be the same in
this case, but here goes...IBM touts the iSeries as
the most secure or securable server on the Market. 
The concept of DMZ, Data separation is a necessity
when using PC Servers, and that this concept and
practice is widely used by PC administrators in order
to secure their vulnerable PC platforms.  They have no
other way.  They don't have an Object based system or
built in security, as the iSeries.

The problem is that if I go to 1 Server as most
respondents in this lists suggest, then I'm going
against the IBM recommendation and I do so at my own
security risk.

I know that nothing is 100% secure, but instead of the
separation, I would like to be advised on how to make
my System secure using one server, as everyone here is
advocating.  And I would also like for IBM to
recognize 1 Server as being a viable option.

Don McIntyre




__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.