|
Object level security is the surest way to secure the rest of the
libraries on your system. You can exclude the FTP user from all
libraries (except QSYS -- leave that one alone.) In fact, this is the
technique that IBM recommends for creating a secure environment to
enable anonymous FTP. This is the most secure and most foolproof way
of securing your system. In addition, don't forget to secure
directories in the various file systems in the IFS -- in particular,
don't forget to secure '/' (root).
Your other (but less fool-proof) method is to write an exit program.
The FTP exit program format is pretty simple and IBM has sample exit
programs on the InfoCenter Web site under
the FTP topic. You could disallow access to all other libraries or you
could disallow all other FTP commands.
A more simple option would be to use Application Administration (through
iSeries Access)to control access. Look for TCP/IP under the Host
Applications tab and you can control FTP access that way.
Finally, you could purchase a third-party software package that performs
these functions. At last count, there are at least 12 vendors that
provide this type of software. ==================================
MORE INFORMATION ON THIS TOPIC
==================================
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
|
