Security

The AS/400 as a Sacrificial Lamb

One of the ways to protect your internal network is to physically unplug it from the external network. In this scenario you would place the AS/400 directly on the external network and trust entirely in the (very good) security provided with the AS/400.

• Data would not be 'live', as it would need to be uploaded to the Internet Server AS/400 by tape or some other mechanism.
• This would be very good for HTTP, anonymous FTP, or WSG with an exit program as all of these can provide very good security.
• No compilers
• No restore commands
• Protect HTTP configuration file, all communication commands.
• Limited number of user profiles, and what profiles you do have are severely limited in the objects they can access.
• *SECOFR user profile can only sign on to a defined twin-ax attached device.
• Only have the servers (deamons) running that are needed.
• Security level 40 (Integrity Protection) recommended.
• Audit this system often.

Agenda

SEC064