These people who feel they don't need a firewall - they are security experts, right?
Seriously, this line of reasoning is fallacious in the extreme. The AS400 is arguably one of the most secure platforms out there, especially if configured to vary off the access upon repeated password failures, but any platform is subject to misconfiguration - especially by people as complacent about security as "some people" referenced above.
Security is always a matter of degree. How much access are you comfortable granting under what conditions? The AS400 is usually a line of business server. Are you comfortable giving access to the best hackers in the world to your business data, to test the AS400 security model? Some people are. I do a great deal of security work in AS400 environments, and I would never argue that a client expose their server to the wild, no matter what security level they have configured.
If you require more specific information, feel free to e-mail me off line.
Brian Barth
I have to give semi-anonymous IP remote access to an
AS/400, and I feel like I need a firewall to protect
it.
Some people here think that the AS/400 is so secure
that it doesn't need a firewall, because the remote
access will be connected to a secondary Ethernet board
that won't be reachable from the main network.
I wasn't able to find hard evidence to support my
claim - I couldn't find any AS/400 vulnerability
report in the Internet.
So I would be glad if someone handed me an incident
report, or some evidence that the AS/400 is not
unvulnerable - OR IS IT?
- Does AS/400 need a firewall? Carlos Moran
- Re: Does AS/400 need a firewall? Michael Sorbera
- Re: Does AS/400 need a firewall? Mark . Teicher
- RE: Does AS/400 need a firewall? Nathan Long
- Re: Does AS/400 need a firewall? Michael Sorbera
- bbarth
