• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Network Security: Don’t Trust And Verify

    October 21, 2020 Rich Loeber

    When your system is connected to a network, you cannot always guarantee the integrity of the person at the far end of a network connection. If your system is connected to the Internet, ethics go out the window altogether. You have to assume that the person at the far end is a bad guy, then proceed from there. With this tip, we’ll outline an approach to this problem that may help you to focus in on how to deal with the bad guys wherever they may be.

    Internet bad guys generally fall into two categories, sneaks and bullies. The bullies you can probably identify easiest, they are the ones who go after your system with active attacks. They will try to break into your system, trying just about everything in the book. On our test IBM i server in the office recently, we had a bully come by who tried to log on using over 700 different user profiles in a period of five minutes. Each logon attempt was met by our SafeNet/i exit point software and tossed out right at the point of entry with a security warning message to our security officer for each try. The user profiles were all different and all “typical” of what you might expect to see in just about any shop in the country. When bullies come after you, they do it with brute force. They can try to spoof your system, guess your passwords, deny others from using your system by keeping it overly busy dealing with their break-in attempt, and much more.

    The sneaks are a lot more passive. Sneaks will sit back and monitor network traffic to your system and try to uncover secret information that will then give them what they need to gain access to your system “normally.” Sneaks are very hard to identify and the have insidious tools at their disposal to get the information they want. This can even include Trojan horses that gather the information for them. Since sneaks are so hard to identify, you should plan your security strategy assuming that someone is always watching your system.

    To guard your system against both sneaks and bullies, you need to think about how to layer your system defenses to guard against anything and anyone. If your system is connected to the Internet, you must assume that a sneak or a bully is going to attempt to gain access and plan accordingly. The best defense is always a good offense and you should consider the various layers of your system and have a plan to deal with intruders at every level. This layered approach will help you develop a good defense. The layers you should give consideration to include:

    • System security – including your system level use of user profiles and regularly rotated passwords. For most IBM i shops, this will be your last line of defense, so plan it well. Consider using longer passwords or pass phases that are now supported by the IBM i OS.
    • Network security – this commonly involves implementation of a firewall between your network and the Internet but can also include services available from your ISP. On the IBM i there are also things that can be done at the IBM i OS server level via exit programs that can address network security issues.
    • Application security – your applications should be designed to integrate with your security policies. Application software can easily be misused and abused and your applications should be designed with this in mind, especially those applications that are open to network and Internet users.
    • Transmission security – when you use an uncontrolled network like the Internet, your data will be open to anyone while it is in transit from one place to another. To protect your data, you need to consider encryption techniques and the use of Secure Sockets Layer (SSL) on your IBM i along with encryption. Encryption should be required for all 5250 terminal connections.

    In your plan for network and Internet security, you need to have a plan for each of these layers of control in order to safeguard your system. And, even then, a bully or a sneak might still get past you, so watch out.

    If you have questions about details of this tip, feel free to contact me directly by email: rich@kisco.com.

    This content is sponsored by Kisco Information Systems.

    Rich Loeber is president of Kisco Information Systems.

    RELATED STORIES

    Why You Need To Implement Exit Point Security – Now

    Who’s Watching i? The Kisco, Kid

    Budget Relief For IBM i Monitoring Software

    Customers React Positively to IBM i Alerting Tool from Kisco

    Kisco Debuts Sub-$400 Message Monitor

    Kisco Bolsters Network Socket Security

    Don’t Overlook These Network Auditing Improvements in IBM i 7.3

    Kisco Rolls with 2FA, Revs Network Security Tool

    Boost Your IBM i Security by Tracking Config Changes

    Kisco Hooks SafeNet Into IBM’s SIEM

    Kisco Gives IBM i Security Tool a Web Interface

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags: Tags: 5250, IBM i, Kisco Information Systems, Secure Sockets Layer, SSL

    Sponsored by
    ARCAD Software

    Embrace VS Code for IBM i Development

    The IBM i development landscape is evolving with modern tools that enhance efficiency and collaboration. Ready to make the move to VS Code for IBM i?

    Join us for this webinar where we’ll showcase how VS Code can serve as a powerful editor for native IBM i code and explore the essential extensions that make it possible.

    In this session, you’ll discover:

    • How ARCAD’s integration with VS Code provides deep metadata insights, allowing developers to assess the impact of their changes upfront.
    • The role of Git in enabling seamless collaboration between developers using tools like SEU, RDi, and VS Code.
    • Powerful extensions for code quality, security, impact analysis, smart build, and automated RPG conversion to Free Form.
    • How non-IBM i developers can now contribute to IBM i projects without prior knowledge of its specifics, while ensuring full control over their changes.

    The future of IBM i development is here. Let ARCAD be your guide!

    Watch Now

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    IBM i PTF Guide, Volume 22, Number 42 Four Hundred Monitor, October 14

    Leave a Reply Cancel reply

TFH Volume: 30 Issue: 66

This Issue Sponsored By

  • Maxava
  • Datanational Corporation
  • Connectria
  • MAGiC
  • Raz-Lee Security

Table of Contents

  • Profound and Connectria Hook Up in Cloud-Modernization Push
  • Recovery Point Provides Another Option for Full-Service DR
  • Four Hundred Monitor, October 14
  • Network Security: Don’t Trust And Verify
  • IBM i PTF Guide, Volume 22, Number 42

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Liam Allan Shares What’s Coming Next With Code For IBM i
  • From Stable To Scalable: Visual LANSA 16 Powers IBM i Growth – Launching July 8
  • VS Code Will Be The Heart Of The Modern IBM i Platform
  • The AS/400: A 37-Year-Old Dog That Loves To Learn New Tricks
  • IBM i PTF Guide, Volume 27, Number 25
  • Meet The Next Gen Of IBMers Helping To Build IBM i
  • Looks Like IBM Is Building A Linux-Like PASE For IBM i After All
  • Will Independent IBM i Clouds Survive PowerVS?
  • Now, IBM Is Jacking Up Hardware Maintenance Prices
  • IBM i PTF Guide, Volume 27, Number 24

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle