We use the "Secure only" option for Telnet (under the General tab of
TELNET Properties), which effectively turns off port 23.
IP Packet rules can give you an additional layer of security and they're
very easy to implement using statements like these:
FILTER SET Users ACTION = PERMIT DIRECTION = * SRCADDR = nnn.nnn.nnn.nnn DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = OFF
FILTER SET InboundTelnet ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = nnn.nnn.nnn.nnn PROTOCOL = TCP DSTPORT = 23 SRCPORT = * JRN = OFF
FILTER SET Block ACTION = DENY DIRECTION = INBOUND SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = FULL
Access the packet rules editor using the System i Navigator under
Network/IP Policies. Be sure to create a rule allowing your workstation
first, or you could end up locked out completely!
More info is at:
http://as400bks.rochester.ibm.com/iseries/v5r1/ic2924/info/rzajb/rzajb000.pdf
Regards,
Scott Ingvaldson
Senior IBM Support Specialist
Midwest Region Data Center
Fiserv.
-----Original Message-----
From: Scott Klement [mailto:midrange-l@xxxxxxxxxxxxxxxx]
Sent: Tuesday, August 24, 2010 11:38 PM
To: Midrange Systems Technical Discussion
Subject: Re: Securing port 23
(confused) What do you mean by "turned off port 23" if you haven't
already blocked it through the firewall? If you have blocked it
through the firewall, then you've already secured it from beyond the
firewall, haven't you?
Why do you want/need unsecured telnet, anyway?!
Trevor Perry wrote:
I have a customer who has turned off port 23 and only uses SSL. We have a
requirement where we must use port 23 for unsecured telnet. How can I ensure
that opening port 23 does not expose telnet beyond their DMZ/firewall?
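
Added example, not part of the original thread and not IBM tooling: a small Python model of the three FILTER SET rules from the reply above, to check which rule decides a packet before the rules are activated. The addresses are constructed, and top-to-bottom first-match evaluation with a default deny is an assumption of the model.

```python
import re

# Constructed rule file in the syntax used above. 192.0.2.10 (admin
# workstation) and 192.0.2.1 (host) replace the nnn.nnn.nnn.nnn placeholders.
RULES = """\
FILTER SET Users ACTION = PERMIT DIRECTION = * SRCADDR = 192.0.2.10 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = OFF
FILTER SET InboundTelnet ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = 192.0.2.1 PROTOCOL = TCP DSTPORT = 23 SRCPORT = * JRN = OFF
FILTER SET Block ACTION = DENY DIRECTION = INBOUND SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = FULL
"""
MATCH_KEYS = ("DIRECTION", "SRCADDR", "DSTADDR", "PROTOCOL", "DSTPORT", "SRCPORT")

def parse_rules(text):
    """Turn each FILTER SET line into (set_name, {KEYWORD: value})."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*FILTER\s+SET\s+(\S+)\s+(.*)", line)
        if m:
            rules.append((m.group(1), dict(re.findall(r"(\w+)\s*=\s*(\S+)", m.group(2)))))
    return rules

def decide(rules, packet):
    """Return (action, set_name) for one packet.

    Assumption: rules are checked top to bottom, the first match wins,
    and a packet that matches no rule is denied.
    """
    for name, fields in rules:
        if all(fields.get(k, "*") in ("*", packet[k]) for k in MATCH_KEYS):
            return fields["ACTION"], name
    return "DENY", None

def inbound(src, dst, port, proto="TCP"):
    """Build a constructed inbound packet for decide()."""
    return {"DIRECTION": "INBOUND", "SRCADDR": src, "DSTADDR": dst,
            "PROTOCOL": proto, "DSTPORT": str(port), "SRCPORT": "50000"}

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for label, pkt in [
        ("workstation, port 992", inbound("192.0.2.10", "192.0.2.1", 992)),
        ("other host, port 23", inbound("198.51.100.7", "192.0.2.1", 23)),
        ("other host, port 992", inbound("198.51.100.7", "192.0.2.1", 992)),
    ]:
        print(label, "->", decide(rules, pkt))
    # Same rules with Block moved to the top: the workstation is locked out.
    print("Block first ->", decide(rules[::-1], inbound("192.0.2.10", "192.0.2.1", 992)))
```

In this model, InboundTelnet (SRCADDR = *) permits port 23 from any source address, and placing Block ahead of Users denies the workstation too.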