On Wed, 31 Jan 2007 16:27:30 +0900, Timothy Sipples 
<[EMAIL PROTECTED]> wrote:

>... but then I inquire about why there's a
>need to manage LU names at all.  (Are pools appropriate?)  I also wonder
>why there's an internal process or organizational dysfunction which
>encourages the more costly management of multiple servers, each with their
>own set of LU names, rather than the (much easier) management of a
>centralized set of names.  A lot of people think assigning specific LU
>names yields security benefits.  I'd argue not, at least in the TN3270
>world where hardwired physical terminals don't exist.

If the shops I've seen are any example, there are many thousands 
(millions?) of lines of online application code whose function depends
on knowing and understanding LU names.  This is not for security, but 
for setting the application environment: this user gets this print queue,
this mailing address, access to this database, etc.  Whether that is a 
reasonable design is irrelevant; it exists, and it is too deeply embedded 
to change without major redesign.

Even so, that does not argue for offloaded Tn3270 servers.  If anything,
it argues for the need to centralize maintenance of the various LU pools 
so that changes or additions to LU names don't conflict with existing
names. 

>...
>And of course all of this refers to 3270 access, ...
>...

And THAT argues against the value of an outboard Tn3270 server as 
protection against a Denial of Service attack.  Unless the only IP
service you provide is Tn3270, you still need to provide access to your host.
It protects you against a DoS attack directed to your Tn3270 port on
your Tn3270 server's IP address.  It does nothing to protect you from a
DoS attack directed at any port on your hosts.  It doesn't even mean one
less port on your host; you still may use port 23 (or whatever port you 
choose) on your host for Telnet or Tn3270.

Pat O'Keefe  

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
