RE: iSeries vs. Unix vs. SQL Server vs. Oracle &Security/Data separation???

[Scott Klement <klemscot@xxxxxxxxxxxx>]

On Wed, 6 Aug 2003, Chris Bipes wrote:

> Why put the HTTP SSL load on my iSeries when I have a cheap Web server in
> the DMZ?

That's always been my opinion as well.  I can set up a FreeBSD server that
will dramatically outperform the iSeries, and is 100 times as secure as a
Windows server for next-to-nothing... $400ish for a heavy duty PC with a
nice cooling system.  No point in putting the strain on an expensive
iSeries.

> So they break IIS and have full control of the web server.  The
> web server is a stand alone W2K box not in any work group or domain.

If they have full control of the box, they can add it to any workgroup
or domain that they like -- as long as it's accessible to this machine.

I'd be more worried about them sneaking a program into the system that
records things going to your web site, like credit card numbers,
passwords, e-mail addresses, etc, and then sends them back (perhaps via
anonymous USENET access, or some other untraceable fashion) to the
original hacker.

If you didn't know that they installed this program, they could be
leeching this information for a long time before anyone notices, and by
then they've got a lot of customers info, ready to use for whatever
purposes they deem fit.

Once things have been discovered, the potential lawsuits and bad press
could destroy you.

> Only runs IIS and one sock client application that takes request from
> IIS and re-formats them to the iSeries.  The socket client also connects
> to one of several iSeries, if the primary is down, it switches to a
> secondary.  We just reset once the primary is back up.

But, if they have "full control" of the box, they can install any software
that they want to, they're not limited by the client apps you've placed on
it.