Re: AS400 vs MS application

> Why do you feel that IBM midrange servers are more suited to these tasks
> than Windows based or *nix based servers, besides the obvious "security
> through obscurity"?

The reason for my statement are our experiences.

When we had Windows servers it was a job for some hours a week to keep
everything up to date, closed, safe, as we are required to do.
Almost every day new risks, leaks, patches or workarounds available or
not were reported. The number did not decrease, but the time interval
between serious incidents did. So it became not better but worse.
Same for the database. Example: A severe leak allowing extending your
rights and data manipulation for Oracle (patform Windows and Linux) is
public now, it exists since years, easy to abuse, no patch in sight.

Today we have Novell Netware file servers, but not the new version with
Linux kernel. Our central database is DB/2 on iSeries. We are still
watching the scene for exploits, viruses, hacker tools, leak reports
and runnig our network sniffers and server access monitors. But almost
nothing ever shows up we have to care for. Perhaps twice a year we
install patches.
I really would call the iSeries the safest platform as long as you
don't open doors by yourself. Means e.g. only 1 user with ALLOBJ, and
*nobody* knows the password (3 people know 3 characters of it, also put
in an envelope in the safe). Only this user could do anything but read
with the journals, logging every change of data. Some more things to
observe, mostly IFS and Java/JDBC related, but not much.

The usual statement "every well maintained and configured system is
safe" is an illusion. First: Keeping Windows servers well maintained
and configured is a tremendous job and we could never reach a really
satisfying level. Linux is better, but not good.
With a small part of this effort you make a Netware server or an
iSeries much safer than a Windows server will ever be.


Yes, you may call us a bit picky or psychopathic about security. But
only because you don't know which informations we store.


Walter

.

Relevant Pages

  • Re: Remote shutdown windows server from Debian Linux?
    ... > I have a few Linux and Windows servers hooked up to the same UPS. ... There is a NUT client called WinNUT which could maybe do what you want. ...
    (Debian-User)
  • Re: Remote shutdown windows server from Debian Linux?
    ... >>I have a few Linux and Windows servers hooked up to the same UPS. ... >>Is there command that will send the signal to a windows server to ... > There is a NUT client called WinNUT which could maybe do what you want. ...
    (Debian-User)
  • Re: WAMP will beat LAMP pretty soon!
    ... While this site is not Linux specific, it does indicate that Windows servers ... What do you think most apache installations run on? ... (Wake up call for Codegear). ...
    (borland.public.delphi.non-technical)
  • Re: Web based database
    ... >> But mine will run on any PHP supported web server, including Linux ... Yours is limited to Windows servers. ...
    (borland.public.delphi.thirdpartytools.general)
  • Remote shutdown windows server from Debian Linux?
    ... I have a few Linux and Windows servers hooked up to the same UPS. ... Is there command that will send the signal to a windows server to ...
    (Debian-User)