Hi there!

I was following the interessting argument for quite some time now and like to share some thoughts. Two short statements in your last post actually gave me a bad gut feeling:

- System i is the most easily secureable box of the planet
- System i with only port 80 exposed

I am sorry but this is not a matter of philosophy anymore. If you work in the security business the following concept is beyond dispute best practice:

No mission critical system should have a direct link to the outside world. Period.

And sorry again but potential extra complexity can't be a valid argument for reducing security. I mean you used that word yourself: "expose". Really - that's exactly what it is. Exposing a system to potential danger. Willingly and unnecessarily.

*Only* port 80? I was literally gasping when I read that. Quick calendar check - yes it is still 2007 and not say 1980 ...

The internet is bad, m'key? We're talking iSeries here so money can't be that big a deal if we want to design a multi-tier state of the art security infra-sctructure:

1. "Decent" firewall. Decent reads: does more than port filtering. Intrusion detection and DoS protection for example. Content filtering maybe.

2. DMZ. Just do it.

3. Proxy / reverse proxy. Less pain as it sounds. Will give you additional control.

4. Your iSeries stays on your LAN.


I am calm now. ;-)



Mit freundlichen Grüßen

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.