Re: want to allow easy home access to iSeries

[Jim Oberholtzer <midrangel@xxxxxxxxxx>]

Booth,

Most security breaches are employees that have normal access to systems, 
therefore the answer to your questions in order is no and yes, there is 
an inherent risk to allowing anyone to access the system.  That said, 
you have some control with employees, particularly if you have made them 
sign non-disclosure and electronic use policies that provide strict 
guidelines about what is acceptable or not.  Now the US and state laws 
will help enforce the security.

With non-employees you might have some of the same protections providing 
you have a strong contract with them that specifies what is allowable 
and what is not, but not the same.

The question really is, how much security is enough, and too much.  When 
humans are involved, everything is a calculated risk.

Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On 10/4/2011 12:40 PM, Booth Martin wrote:
> I am curious:  Without sounding like a wise guy with this question, is
> there something inherently safer in allowing employees to access the
> machine, but not non-employees?
>
> I am asking that badly.  Let me try it this way:  If the box is so
> insecure as to cause fright about connecting it to the Internet, then is
> there inherent risk in the box that is a concern for employee access, too?
>
>
>
> On 10/4/2011 12:21 PM, Jerry Draper wrote:
> > >  Don't kid yourself about tricking up the telnet port.
> > >
> > >  It's sniffable in a nanosecond.
> > >
> > >  J
> > >
> > >  On 10/4/2011 10:10 AM, Richard Schoen wrote:
> > > >>  Why not use Logmein.com ?
> > > >>
> > > >>  Set up an internal desktop with just the apps on it that are needed and let them at it.
> > > >>
> > > >>  No cost and no open firewall ports.
> > > >>
> > > >>  If you decide to open up Telnet, you might want to open up Port 21023 and map to Port 23 or similar so it doesn't sniff like a Telnet port if someone hits the address.
> > > >>
> > > >>  Regards,
> > > >>  Richard Schoen
> > > >>  RJS Software Systems Inc.
> > > >>  Where Information Meets Innovation
> > > >>  Document Management, Workflow, Report Delivery, Forms and Business Intelligence
> > > >>  Email:richard@xxxxxxxxxxxxxxx
> > > >>  Web Site:http://www.rjssoftware.com
> > > >>  Tel: (952) 736-5800
> > > >>  Fax: (952) 736-5801
> > > >>  Toll Free: (888) RJSSOFT
> > > >>
> > > >>  ----------------------------------------------------------------------
> > > >>  From:midrange-l-bounces@xxxxxxxxxxxx
> > > >>  [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Burns, Bryan
> > > >>  Sent: Tuesday, October 04, 2011 10:50 AM
> > > >>  To: Midrange Systems Technical Discussion
> > > >>  Subject: RE: want to allow easy home access to iSeries
> > > >>
> > > >>  Thanks for the input david.  We do have a VPN and I can use client access and the VPN to get on from home.
> > > >>
> > > >>  We have a handful of distributors that need to get on to do forecasting and don't have any network credentials so a VPN isn't something management wants to set up for them.
> > > >>
> > > >>  It's hard to tell from the Mochasoft advocates whether they're using a VPN or opening up port 23.
> > > >>
> > > >>  Bryan
> > > >>
> > > >>
> > >
> -- Booth Martin 802-461-5349 http://www.martinvt.com
> --