Ok, here is the rub with the Microsoft evangelists.  The System i in
question has company financial data and other things sitting on it.  We
want their web site and all of their web applications to run on the same
system. So we put another network card in their system and set up the
router to do NAT on the tcp/ip of that machine to an external number,
and only allow port 80 traffic through to that card on the box, then set
up the web server to respond to traffic from that IP address.

  The Microsoft people are saying that it allows for possible hacks
through to our internal network by doing this, that it's not standard
protocol for setting up a web server, and that there should be a box
outside the firewall that doesn't touch anything inside our network;
then there is "no" chance of company data being compromised.  I.e., put
a Windows box that does nothing but run HTTP and FTP services outside
our firewall and talks to the System i machines through ODBC or JDBC or
something of that nature.

  What I'm trying to do is have some kind of security justification for
the System i setup, see how other people set up their servers and what
the security risks really are for this kind of setup.  I like this
System i setup because you can host each company's web site on their
System i and not bring down every company's site when you do maintenance
on their system, as opposed to hosting all the sites on one Microsoft box
and dropping that box all the time.  I also like the fact that the
database is on the same system.

  I have to justify it because it's cheaper to set up the Microsoft
solution; it's hard to justify a System i that does nothing but serve
static web pages all day.  :)

Kevin Touchette



-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of albartell
Sent: Monday, January 29, 2007 12:13 PM
To: 'Web Enabling the AS400 / iSeries'
Subject: Re: [WEB400] System i web accessibiltiy setup

Another question: is there a web site or place where there are reported
System i web hacks or breaches through the web?  This has become a large
topic in our shop and something that looks like it could become a holy
war between System i and Microsoft servers.

I think first you need to determine what you are trying to protect
against. Some "hacks" are platform agnostic (i.e. DoS attack, AJAX
vulnerabilities, etc).  In my mind the iSeries is much less susceptible
to hacks than Microsoft, partially because of popularity, and partially
because of OS architecture.

Maybe post what the Microsoft evangelists are saying and we iSeries
evangelists can dissect their concerns.  We need evangelists in here
somewhere if we are having a holy war, right? :-)

Aaron Bartell
http://mowyourlawn.com

-----Original Message-----
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx]
On Behalf Of Kevin Touchette
Sent: Monday, January 29, 2007 11:49 AM
To: web400@xxxxxxxxxxxx
Subject: [WEB400] System i web accessibiltiy setup

Hello,

  We are faced with putting our System i boxes on the web and I was
wondering how you all handle this?  Currently we have a system where
we've put two network cards in the system.  One is set up to allow only
port 80 traffic to it with routes set up appropriately assigned to an
external tcp/ip address.  It sets up a pseudo DMZ scenario.

  The questions that I have are: 1) Do any of you have a setup similar to
this?  2) Is this scenario "secure enough"?  I know that it is not
necessarily the "recommended" approach but it gives flexibility in its
setup for taking down certain sites and not others etc.

  Another question: is there a web site or place where there are reported
System i web hacks or breaches through the web?  This has become a large
topic in our shop and something that looks like it could become a holy
war between System i and Microsoft servers.

  Feedback is appreciated.

Thank you,

Kevin R. Touchette


--
This is the Web Enabling the AS400 / iSeries (WEB400) mailing list
To post a message email: WEB400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/web400
or email: WEB400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at
http://archive.midrange.com/web400.



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
