Subject: RE: Connecting to Ibm AS/400 from outside a fw
From: manuel . ricca @ pararede . pt
Date: 10 Mar 98 12:59:58 +0000
To: firewalls @ GreatCircle . COM (Non Receipt Notification Requested)
Weren't VPNs invented for this purpose?
Open port 23 but with encryption/authentication and you'll
be ok. Use strong authentication if you can (i.e., token cards).
>As bad an idea as it sounds, probably the best way
>to deal with that is with a telnet proxy. (No, the proxy
>isn't the bad idea... letting them into your network is.)
> What that would (hopefully) give you is a way to do
>some extra security checks before you let these people
>onto your hosts.
>
>You should have a login of some sort to the proxy (yes, this ends
>up being a double login.. hopefully you can tell them
>"tough") and control what sort of telnet options and
>environment variables get passed. You should
>also be able to control which hosts they can get to.
>It may also give you an easy way to log every keystroke
>they type. I don't have any particular brand I can recommend.
>
>It should be obvious, but just to point it out in case it doesn't
>occur to someone reading this: Once they're on an inside
>host, they can probably easily hack root. They can jump off
>from there to any other inside host. They can sniff your
>network from that host.
>
>You'd probably like to make sure you log everything they
>type.
>
> Ryan
>
>"Pedro Manuel" <pmanuel @ cindy . fe . up . pt> on 03/07/98 06:59:41 PM
>
>To: Firewalls @ GreatCircle . COM
>cc: (bcc: Ryan Russell/SYBASE)
>Subject: Connecting to Ibm AS/400 from outside a fw
>
> Hi people!
> Does anyone know the best way for me to allow secure access from
>the outside world (internet) to half a dozen corporate AS/400
>machines inside a firewall? Is socks5 an option? And what about TN5250
>emulation client software using it?
>
>Thanks in advance,
>Pedro Manuel Rodrigues
>
-----------------------------
Manuel Ricca
ParaRede - Tecnologias de Comunicação, S.A.
Tel: +351 1 3025056
Fax: +351 1 3025001
E-mail: manuel . ricca @ pararede . pt
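The quoted reply asks that a telnet proxy control which telnet options and environment variables get passed. The following Python sketch of that check is an added example, not code from either message or from any proxy product. The function name, the option allowlist and the sample bytes are assumptions made for illustration.

```python
# Added example, not from the thread: proxy-side filter for client Telnet bytes.
IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
# Assumed policy: BINARY, ECHO, SGA, TERMINAL-TYPE, END-OF-RECORD only.
# NEW-ENVIRON (39) and old ENVIRON (36) are left out, so no variables pass.
ALLOWED_OPTIONS = {0, 1, 3, 24, 25}


def filter_client_bytes(buf, allowed=ALLOWED_OPTIONS):
    """Return (forward to host, refusals to client, blocked log, incomplete rest)."""
    forward, refusals, blocked = bytearray(), bytearray(), []
    i, n = 0, len(buf)
    while i < n:
        if buf[i] != IAC:                 # ordinary data byte
            forward.append(buf[i])
            i += 1
        elif i + 1 >= n:                  # lone IAC: wait for more data
            break
        elif buf[i + 1] in (WILL, WONT, DO, DONT):
            if i + 2 >= n:
                break
            cmd, opt = buf[i + 1], buf[i + 2]
            if cmd in (WILL, DO) and opt not in allowed:
                # Refuse on the host's behalf: WILL -> DONT, DO -> WONT.
                refusals += bytes([IAC, DONT if cmd == WILL else WONT, opt])
                blocked.append((cmd, opt))
            else:
                forward += buf[i:i + 3]
            i += 3
        elif buf[i + 1] == SB:
            j = i + 3                     # buf[i + 2] is the option byte
            while j + 1 < n and not (buf[j] == IAC and buf[j + 1] == SE):
                j += 2 if buf[j] == IAC else 1
            if j + 1 >= n:                # subnegotiation not complete yet
                break
            if buf[i + 2] in allowed:
                forward += buf[i:j + 2]
            else:
                blocked.append((SB, buf[i + 2]))
            i = j + 2
        else:                             # IAC IAC (escaped 0xFF), NOP, AYT...
            forward += buf[i:i + 2]
            i += 2
    return bytes(forward), bytes(refusals), blocked, bytes(buf[i:])


# Constructed client stream: text, WILL TERMINAL-TYPE, WILL NEW-ENVIRON, a
# NEW-ENVIRON subnegotiation carrying USER=alice, escaped 0xFF, partial IAC DO.
SAMPLE = (b"user" + bytes([IAC, WILL, 24, IAC, WILL, 39, IAC, SB, 39, 0, 0])
          + b"USER\x01alice" + bytes([IAC, SE, IAC, IAC]) + b"x" + bytes([IAC, DO]))
```

The `blocked` list is what the proxy would write to its session log, and `rest` is prepended to the next read so that a sequence split across packets is still filtered.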