We have a separate partition that we use. This one is running at level 50 security and has a firewall between it and the internet as well as between it and the internal network. Exit programs are in place to block telnet and FTP traffic originating from it and only the ports we need are specifically open to internal or external networks. We've had it set up this way (except it was originally a separate physical machine) for about 11 years and we've not had any problems with it outside of the occasional DoS attack.

Matt


-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of elehti@xxxxxxxxxxxxxxxxxx
Sent: Friday, August 14, 2009 3:39 PM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] protecting your public-facing, web-enabled IBM i from hackers

My question to all of you who have public-facing, web-enabled IBM i
machines running your core applications.
How do you secure this machine against possible hacking attempts from
outsiders?

If your website has web apps like self-service for your customers and
suppliers, allowing people to view/change data that resides on your
system, how do you protect your machine?
Or do you keep your system off the internet, and web-enable a secondary
file-server machine instead?

I am aware that thousands of banks and credit unions running their
[censored] core banking applications on the IBM i use a "middleware web
server" that acts as a conduit between the bank customer web page and
the System i, thus enabling banking customers to transact their banking
business without needing a different IBM user profile for each bank
customer. The RPGIV programs running on the System i send and receive
customer-specific information via data queues out to the middleware web
server.
