Internet<==>router<==>firewall 1<==>firewall 2<==>firewall 3<==>System i

That diagram probably is overboard, but it depicts a number of network devices that could separate a System i from the Internet, where each device could serve a different purpose, ranging from address translation, to packet filtering, to establishing a DMZ, to rebuffing denial of service attacks that could target the System i.

If you replace any one of those network devices with a server running a Windows HTTP service, and establishing an ODBC connection to the System i, the interface would be less secure than one that just routed valid HTTP traffic to/from the System i HTTP server.

Nathan M. Andelin

----- Original Message ----
From: Kevin Touchette <KTouchette@xxxxxxxxxxxx>
To: Web Enabling the AS400 / iSeries <web400@xxxxxxxxxxxx>
Sent: Monday, January 29, 2007 12:20:47 PM
Subject: Re: [WEB400] System i web accessibiltiy setup

Ok, here is the rub with the Microsoft evangelists. The System i in question has company financial data and other things sitting on it. We want their web site and all of their web applications to run on the same system. So we put another network card in their system and set up the router to do NAT on the TCP/IP of that machine to an external number, and only allow port 80 traffic through to that card on the box, then set up the web server to respond to traffic from that IP address. The Microsoft people are saying that it allows for possible hacks through to our internal network by doing this, that it's not standard protocol for setting up a web server, and that there should be a box outside the firewall that doesn't touch anything inside our network; then there is "no" chance for company data being compromised. I.e., put a Windows box that does nothing but run HTTP and FTP services outside our firewall and talks to the System i machines through ODBC or JDBC or something of that nature.
What I'm trying to do is have some kind of security justification in the System i setup, see how other people set up their servers and what the security risks really are for this kind of setup. I like this System i setup because you can host each company's web site on their System i and not bring down every company's site when you do maintenance on their system, as opposed to hosting all the sites on one Microsoft box and dropping that box all the time. I also like the fact that the database is on the same system. I have to justify it because it's cheaper to set up the Microsoft solution; it's hard to justify a System i that does nothing but serve static web pages all day. :)

Kevin Touchette
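The two layouts argued over in this thread can be compared by writing each as an allow-list and computing what an outside client can reach. The following is an added example, not part of either poster's message; the host labels are hypothetical, and ports 449, 8471 and 8476 are assumed as the usual IBM i host-server defaults used by an ODBC client.

```python
from collections import deque

# Constructed allow-lists (source, destination, TCP port); anything absent is denied.
# Host names are hypothetical labels. Ports 449/8471/8476 are the usual IBM i
# host-server defaults that an ODBC client uses (assumed, not stated in the thread).
DIRECT_NAT = {("internet", "system_i", 80)}
WINDOWS_FRONT_END = {
    ("internet", "windows_web", 80),
    ("internet", "windows_web", 21),
    ("windows_web", "system_i", 449),
    ("windows_web", "system_i", 8471),
    ("windows_web", "system_i", 8476),
}

def internet_facing(rules, origin="internet"):
    """Services an outside client can connect to directly."""
    return sorted((dst, port) for src, dst, port in rules if src == origin)

def exposure(rules, origin="internet", target="system_i"):
    """Map each reachable target port to the fewest connections needed to reach it.

    Worst-case assumption: any host that accepts a connection can be taken over
    and used as the source of the next connection.
    """
    hops = {origin: 0}
    queue = deque([origin])
    reachable = {}
    while queue:
        host = queue.popleft()
        for src, dst, port in rules:
            if src != host:
                continue
            if dst == target:
                reachable[port] = min(reachable.get(port, hops[host] + 1), hops[host] + 1)
            elif dst not in hops:
                hops[dst] = hops[host] + 1
                queue.append(dst)
    return dict(sorted(reachable.items()))

if __name__ == "__main__":
    for name, rules in (("direct NAT", DIRECT_NAT), ("Windows front end", WINDOWS_FRONT_END)):
        print(name, internet_facing(rules), exposure(rules))
```

The model only counts reachable services; it says nothing about how hard each service is to attack, which is the part a review of either design still has to assess.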
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.