Security
The AS/400 as a Sacrificial Lamb
One of the ways to protect your internal network is to physically unplug it from the external network. In this scenario you would place the AS/400 directly on the external network and trust entirely in the (very good) security provided with the AS/400.
- Data would not be 'live', as it would need to be uploaded to the Internet Server AS/400 by tape or some other mechanism.
- This would be very good for HTTP, anonymous FTP, or WSG with an exit program as all of these can provide very good security.
- No compilers
- No restore commands
- Protect HTTP configuration file, all communication commands.
- Limited number of user profiles, and what profiles you do have are severely limited in the objects they can access.
- *SECOFR user profile can only sign on to a defined twin-ax attached device.
- Only have the servers (deamons) running that are needed.
- Security level 40 (Integrity Protection) recommended.
- Audit this system often.
Agenda
SEC064