I'm another one of those who is new at network security and I happened on
this list by chance. Since y'all have more network experience than I do, I
am seeking some comments/advice on a system configuration we will take
over in the near future.
We will be running a supply management application on an IBM AS/400
mid-tier platform with the latest operating system (IBM OS/400, V4R3).
Remote users (select few - not open to everyone) will have access to this
supply management system via TCP/IP through a Web server, also running on
the same AS/400 platform. Specific to the AS/400, access to both the Web
Server and the application are controlled by ID/pass-phrase (up to 32
characters) followed by ID/passwords (up to 8 characters) respectively. In
other words, if the incoming user doesn't know both their Web server and
application ID/passphrases for their pre-assigned account, they will not
get in. Likewise, if they try three times at either the Web server or
application level with a bogus ID/pass-phrase, their account will be locked
out and must be reset by the administrator. To keep others from seeing
ID/passphrase attempts, the remote users will connect to the Web server via
HTTPS (port 443), encrypted.
Further limitations to this AS/400 platform come in the form of a
Sidewinder Firewall located at the only gateway to the local area network.
The Sidewinder will limit all access to the AS/400 to specific
predetermined protocols and IP addresses (However, some remote users are
located behind an external proxy server so we are really talking about a
predetermined range of IP addresses for some users).
As I understand it, no outgoing traffic from the Web Server or supply chain
application will be in the clear using HTTPS. As I see it, incoming
protocol and IP address limitations through the firewall only provide
low-level security (keeps out the casual Web surfer). More restrictive
security comes in the form of the HTTPS-only access followed by the
ID/passphrase combinations on the AS/400 platform. In your opinion, have
we designed a secure system?
Thanks in advance
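As an added example (not from the original post, and not IBM's or Secure Computing's code), here is a small Python model of the three layers the post describes: a gateway filter that permits only HTTPS (port 443) from specific source addresses plus one range standing in for the users behind an external proxy, then a web-server pass-phrase (up to 32 characters) and an application password (up to 8 characters), each with its own three-strikes lockout that only an administrator reset clears. The IP addresses, user ID and secrets are constructed sample values; the hashing and constant-time comparison are my additions, since the post says nothing about how the AS/400 stores or compares credentials.

```python
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

MAX_FAILURES = 3          # the post: three bad attempts lock the account
WEB_PASSPHRASE_MAX = 32   # web-server pass-phrase length limit from the post
APP_PASSWORD_MAX = 8      # application password length limit from the post

# Constructed stand-in for the Sidewinder rule set: HTTPS only, from a fixed
# host and from one range used by remote users behind an external proxy.
ALLOWED_PORTS = {443}
ALLOWED_SOURCES = [
    ipaddress.ip_network("203.0.113.10/32"),   # single remote user (constructed, TEST-NET-3)
    ipaddress.ip_network("198.51.100.0/24"),   # external proxy range (constructed, TEST-NET-2)
]


def firewall_permits(src_ip: str, dst_port: int) -> bool:
    """Layer 1: port and source-address filtering at the single gateway."""
    if dst_port not in ALLOWED_PORTS:
        return False
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_SOURCES)


def _hash_secret(secret: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a stolen credential store does not reveal the secrets.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 50_000)


@dataclass
class Credential:
    """One ID/secret pair with its own failure counter and lock flag."""
    salt: bytes
    digest: bytes
    failures: int = 0
    locked: bool = False

    @classmethod
    def create(cls, secret: str, max_len: int) -> "Credential":
        if len(secret) > max_len:
            raise ValueError(f"secret exceeds {max_len} characters")
        salt = os.urandom(16)
        return cls(salt=salt, digest=_hash_secret(secret, salt))

    def check(self, attempt: str) -> bool:
        """Verify one attempt; MAX_FAILURES misses lock it until admin_reset()."""
        if self.locked:
            return False
        if hmac.compare_digest(self.digest, _hash_secret(attempt, self.salt)):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True
        return False

    def admin_reset(self) -> None:
        self.failures = 0
        self.locked = False


@dataclass
class Account:
    web: Credential   # web-server ID/pass-phrase
    app: Credential   # application ID/password


def login(accounts, user_id, src_ip, dst_port, web_passphrase, app_password) -> str:
    """Walk the layers in order; return the layer that stopped the login, or 'ok'."""
    if not firewall_permits(src_ip, dst_port):
        return "firewall"
    acct = accounts.get(user_id)
    if acct is None:
        _hash_secret(web_passphrase, bytes(16))  # same work as a real check, so timing does not reveal valid IDs
        return "web"
    if not acct.web.check(web_passphrase):
        return "web"
    if not acct.app.check(app_password):
        return "app"
    return "ok"


def demo() -> dict:
    """Exercise each layer with constructed values and return what stopped each attempt."""
    accounts = {"alice": Account(web=Credential.create("correct horse battery", WEB_PASSPHRASE_MAX),
                                 app=Credential.create("s3cret8", APP_PASSWORD_MAX))}
    good = ("correct horse battery", "s3cret8")
    r = {}
    r["wrong_port"] = login(accounts, "alice", "203.0.113.10", 80, *good)     # HTTP, not HTTPS
    r["unknown_ip"] = login(accounts, "alice", "192.0.2.5", 443, *good)       # not on the allowlist
    r["via_proxy"] = login(accounts, "alice", "198.51.100.7", 443, *good)     # inside the proxy range
    r["bad_app_pw"] = login(accounts, "alice", "203.0.113.10", 443, good[0], "nope")
    for _ in range(MAX_FAILURES):
        login(accounts, "alice", "203.0.113.10", 443, "guess", good[1])
    r["locked"] = login(accounts, "alice", "203.0.113.10", 443, *good)        # right secrets, but locked
    accounts["alice"].web.admin_reset()
    r["after_reset"] = login(accounts, "alice", "203.0.113.10", 443, *good)
    return r
```

Two things the model makes visible that the prose does not: the application password check only ever runs after the web-server pass-phrase succeeds, so each failed layer counts against a separate lock; and because a locked account stays locked until the administrator intervenes, the reset procedure is part of the availability design, not just an afterthought.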