Re: Open Ftp on AS/400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the end I suppose it comes down to how much risk you want to take
and how much you are willing to pay to mitigate that risk.

Being able to put an LPAR in the DMZ sounds good until you calculate
the cost of extra hardware etc. I think that dedicated (Intel)
servers in the DMZ are a more viable solution especially if you put a
robust OS on them (like FreeBSD for example) for running FTP/HTTP
etc.

I think I'll leave it here apart from saying there are some good
redbooks on security and some good software to help.


"Bradley V. Stone" <bvstone@xxxxxxxxxxxxxxxx> wrote in message
news:vAP_c.3561$zh6.1735@xxxxxxxxxxxxxxxxxxxxxxxxxxx
David Q F wrote:
Thanks for your comments Bradley,

Thanks for replying. This type of stuff intrigues me.

You mention that SSL requires certificates. But, it is possible to
sign your own certificates. In some proprietary cases that is an
option. But I see your point there. (Trusted certificates to me
are a huge scam... I want to get into that business!)

As for the DMZ issue for servers, I understand that point. But
today with machines, especially the AS/400, that are an all in one
solution (and advertised as such), which is the lesser of two
evils? Putting the AS/400 that also does OE, green screen, AP,
etc in a DMZ, or behind a firewall with the FTP port open?

I understand opening even one port will alert a hacker to the
existance of the machine.. and not every shop can afford to have
a different box (or possibly LPAR in this situation?) for each
server. Today AS/400s are used for everyday applications, plug
mail, web and ftp serving (and more).

I understand there are ideal situations, but what about best case
solutions for the everyday shop?

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQTuW1Xa9pjIGiSSWEQLUNACgngEHiwuX3HODt+O8pDqNeW63vpsAoOv6
GXKxrlzMd3f5GflOUzJzpGrN
=e5lj
-----END PGP SIGNATURE-----


.