Top Reasons why using Image Server/400 and the AS/400 Web Server is a secure and reliable solution
From Support
1.) The web users cannot browse AS/400 directories the way we have the web server set up. This means they cannot access files in your IFS or AS/400 libraries.
2.) You can also give Image Server its own web instance if needed to isolate the process on its own.
3.) You can run Image Server on a TCP/IP port other than port 80 for added security if required. Hackers usually scan for port 80.
4.) You can set up SSL (Secure Sockets Layer) on the AS/400 for additional web security if required.
5.) The web users do not have direct access to any IFS directories other than our read-only images directory for the web site. All other access is done by our CGI program DOC100R in the RJSIMAGE library.
6.) The users cannot log in to the AS/400 since we're not using regular AS/400 security. Our system has its own security. As long as you don't give outside users a regular AS/400 ID or 5250 access, they have no access to the AS/400 other than using Image Server/400.
7.) The users can only call a single program when using the Image Server/400 software. DOC100R is the only program users can call as a URL.
8.) The users do not have any sort of 5250 sign-on or command calling capability, so there's really no specific exposure other than calling program DOC100R which is controlled by our process.
9.) Since Image Server uses the special AS/400 web server user IDs QTMHHTP1 and QTMHHTTP in the background, you can limit the authority these two user IDs have to any AS/400 objects if needed.
10.) Most importantly: If you have a firewall in place, you can limit TCP/IP port access to simply accessing port 80 on the AS/400 or whatever TCP/IP port you choose. By doing so, the only exposure the AS/400 has is our running instance of the web server and the program call to DOC100R. No FTP, 5250 or other access will be allowed because it would be blocked at the firewall.
11.) You could also use a VPN if your locations will be accessing the web server from the Internet. This would bring an added layer of security because the users would connect to your VPN before accessing the Image Server software.
12.) One other alternative that IBM usually recommends if you really need to cover yourself would be to bring in a small 170 or 270 system as the Web Server.
13.) Bottom line is that exposing any server (Windows 2000, Linux, Unix, etc.) to the Internet provides some level of risk; however, the AS/400 web server is probably the most secure web server I've ever worked with in terms of securability. Hackers don't usually mess with it either since they normally don't have access to AS/400 systems.
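To confirm that the firewall rule in item 10 is actually in effect, the following check can be run from a machine outside the firewall against your own system. It is an added example, not part of Image Server/400 or the original article; the function names are hypothetical, and the blocked list assumes the standard ports for FTP (21) and Telnet/5250 (23).

```python
import socket
import sys

# Assumption: standard well-known ports. 5250 sessions run over Telnet (23).
BLOCKED_SERVICES = {21: "FTP", 23: "Telnet/5250"}


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout), unreachable
        return False


def audit_exposure(host, web_port=80, blocked=None, timeout=2.0):
    """Compare what is reachable with the policy described in item 10.

    Policy: only the chosen web server port answers; FTP, 5250 and other
    services are stopped at the firewall. Returns a list of findings;
    an empty list means the exposure matches the policy.
    """
    blocked = BLOCKED_SERVICES if blocked is None else blocked
    findings = []
    if not port_open(host, web_port, timeout):
        findings.append(f"web port {web_port} is not reachable")
    for port, name in sorted(blocked.items()):
        if port == web_port:
            continue  # the web port is the one allowed exception
        if port_open(host, port, timeout):
            findings.append(
                f"{name} port {port} is reachable; it should be blocked at the firewall"
            )
    return findings


if __name__ == "__main__":
    # Usage: python audit_exposure.py <your-as400-hostname> [web_port]
    if len(sys.argv) < 2:
        sys.exit("usage: audit_exposure.py <host> [web_port]")
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    results = audit_exposure(sys.argv[1], web_port=port)
    for line in results:
        print("FINDING:", line)
    print("OK: exposure matches policy" if not results else f"{len(results)} finding(s)")
```

Add any other service ports enabled on your system to the `blocked` mapping so the check covers them as well.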
