|
From: Kevin Touchette <KTouchette@xxxxxxxxxxxx> We are faced with putting our system I boxes on the web...
Not to be pedantic, but allowing packets to be routed between an internal router / firewall to the System i is not precisely putting the System i "on the Web", so to speak. The public IP address should be assigned to a router / firewall, not to the System i. Nobody should be accessing the System i directly from the Internet. Network security should be handled by network devices, such as routers and firewalls, while application security should be handled by System i applications, such as the Apache based HTTP server, and other applications. It makes more sense to use network devices to handle network security, rather than say inserting a Windows server in the topology, simply because Windows is less secure, and adds complexity, but anyone advocating that Web applications run under Windows won't go along with that. Proponents of Windows based Web applications sometimes try to make an issue over allowing System i applications to manage application-level authentication and authorization, but it simply doesn't make sense. They may site consultants reports specifying a "secure topology", using distributed application servers, but overall, it doesn't make sense from a security perspective, no matter how many respected organizations are promoting it. They're promoting it because they're promoting distributed architectures, under the guise of network security, but it doesn't make sense. Nathan M. Andelin ____________________________________________________________________________________ Want to start your own business? Learn how on Yahoo! Small Business. http://smallbusiness.yahoo.com/r-index
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.