You may have heard about security exit programs that are supposed to guard the network based connections into your iSeries server. Maybe you even implemented some exit programs, either by your own writing or from a commercial security product. However, your troubles are not over yet. Your iSeries server may host rogue network connection points that bypass the exit point security schema altogether. A fine example of such a program can be found on IBM's Web site.
This is an example of a remote client that connects to an interactive qsh session on the server. Although this example requires QSHELL (on the server), and the client requires either AIX or Linux, the concept is simple: A host based program that opens a socket, listens to connections, and executes commands.
A diligent reader can Google a few more samples in a short time.
How to protect yourself from those rogue access points?
1. Use NETSTAT OPTION (*CNN) to review all of the existing open ports.
2. Create TCP port restrictions on all ports that you do not plan to use.
3. Audit your system carefully.
Of course, if you are willing to have the best protection and ready to work hard to achieve it, you can place a firewall between your iSeries server and the rest of the corporate network.
MORE INFORMATION ON THIS TOPIC
The Best Web Links: tips, tutorials and more.
Search400's targeted search engine: Get relevant information on security.
Ask your systems management questions--or help out your peers by answering them--in our live discussion forums.
Check out this Search400.com Featured Topic: Top ten security tips
Visit the ITKnowledge Exchange and get answers to your security questions fast.