IBM argues that the AS/400 (i-series) plattform was built with "security in mind". In fact, the os/400 gives you the "tools" you need to implement a C2 rated system, but you have to set it up, it means that all those security facilies have to be properly configured. It includes: system values, network attributes, user profiles, initial menues and programs, resource security (object and library authorities), etc.
Also, you have to keep in mind that SNA is the AS/400's native communications protocol, so when IBM incorporated TCP/IP it exposed the system to all the TCP/IP vulnerabilities, such as FTP's denial of service attacks. As you see now, the as/400 can be "secured" (C2 is the highest rate it can get)only if it is properly configured and managed, otherwise, it becomes as vulnerable as any system. Marcela Martinez AS/400-iSeries Security Consultant Louprey International Original Message: ----------------- From: LK-FM Tech Assistances [EMAIL PROTECTED] Date: Wed, 06 Feb 2002 14:46:08 +0600 To: [EMAIL PROTECTED] Subject: as/400 Domino This may be a very silly question. But I am desperate for advice from one of you "security wizards", as I need to convince a client to immediately evaluate altanative security solutions ASAP, as they are exposing their internal network to the Internet without a firewall. Their argument is that the servers are AS/400 and they claim that the platform does not have any security holes or vulnerabilities that a potential hacker could exploit. So they feel they don't need a firewall. Although I am aware of 2 vulnerabilities on the Domino AS/400 (They are using DOMINO too) I don't have adequate knowledge and can not site incidents on hacking the AS/400. Any advice, references,links etc --- MUCH MUCH appreciated ! Ta RJ ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ .
