On 10/25/07, albartell <albartell@xxxxxxxxx> wrote:
is very secure (or is it now more politically correct to say "it has the
capability to be more secure out of the box" :-). Maybe you could write an

Especially the out-of-the-box experience is WORSE with i5/OS.

Let's see, you buy your first System i ever. A Model 9407-515, Express.

You start the machine.

A logon screen displays on the thin console.

You enter QSECOFR/QSECOFR, and are asked enter a new password. You
enter "abc123". The system accepts it.

(On Windows Server 2003, you will get a notice that this password is
insecure. You can set it anyway, but there is strong reminder that the
password is insecure).

You accept all software agreements. Now, you assign the machine an IP
address, in order to use iSeries Navigator to configure it. As soon as
the system has an IP adress, all doors are wide open.

Unencrypted Telnet, FTP, DDM, SNMP, etc. are all enabled!

You do not have the latest group PTFs installed! The system is already
fully exposed, and you might be missing important, security relevant

You start iSeries Navigator, connect to your system. Your password is
sent in plain text, so everyone can read it and enjoy your QSECOFR

(On Windows Server 2003, when logging for the first time, a firewall
automatically blocks all inbound ports, until you have installed the
latest security fixes! Remote Logon using Remote Desktop is disabled
by default, and when enabled is used with encryption!).

This is not secure out of the box. No matter if i5/OS is not
vulnerable against buffer overflows. And, by the way, WS2003 SP1 and
XP SP2 support DEP (Data Execution Prevention), which also mitigates
most buffer overflows.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].