Secured TELNET

645 pts.
Tags:
Telnet
V5R3MO
V5R4M0
How can I secure telnet so one cannot just telnet to our systm name and access a QPADEV* session? TIA

Software/Hardware used:
iSeries O/S V5R4M0

Answer Wiki

Thanks. We'll let you know when a new response is added.

The first thing I would do would be to set Public authority to *EXCLUDE. You can also look into exit programs. You can write you own or look into a commercial application.

This thread may help:

http://archive.midrange.com/midrange-l/200811/msg00380.html

Also you can check :

http://publib.boulder.ibm.com/html/as400/v5r1/ic2989/index.htm?info/rzaiw/rzaiwprogramtypes.htm

http://www.google.com/search?hl=en&source=hp&q=QIBM_QTG_DEVINIT+&btnG=Google+Search&aq=f&oq=&aqi=

———————————————————————————————————————————————

We control access from our interactive subsystems. In QINTER, for example, we add workstation names that DO NOT begin with QPADEV*. So, if someone is not assigned a workstation name, they will not obtain a signon for our system.

Discuss This Question: 6  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Abigail
    What would you set to Public *EXCLUDE?
    645 pointsBadges:
    report
  • TomLiotta
    Do you want to stop unauthorized telnet access from outside or do you simply want to block access to QPADEV* devices? The two are not totally synonymous. Unauthorized outside access can connect to devices other than QPADEV* devices. Tom
    125,585 pointsBadges:
    report
  • Whatis23
    Total lock out to the command TELNET for login is to set to public *exclude.
    5,665 pointsBadges:
    report
  • WoodEngineer
    We have had good success using the TELNET exit program provided by IBM, which can be found from the URL metnnioned by Teandy. It installed smoothly and is very secure.
    6,680 pointsBadges:
    report
  • pdraebel
    If you now which IP adresses (ranges) are allowed access you cold use CFGTPC option 2 (Routes) and remove the *DFTROUTE and add only the IP ranges you want to allow access toyour iSeries. Doing that will cause you i not to reply to any requessts from IP's outside allowed ranges.
    2,895 pointsBadges:
    report
  • Teandy
    Abigail wrote: What would you set to Public *EXCLUDE? On the command line, type WRKOBJ TELNET. On the next screen, take option 2. Then change *PUBLIC authority to *EXCLUDE.
                                Edit Object Authority                              
                                                                                   
    Object . . . . . . . :   TELNET          Owner  . . . . . . . :   QSYS         
      Library  . . . . . :     QSYS          Primary group  . . . :   *NONE        
    Object type  . . . . :   *CMD            ASP device . . . . . :   *SYSBAS      
                                                                                   
    Type changes to current authorities, press Enter.                              
                                                                                   
      Object secured by authorization list  . . . . . . . . . . . .   *NONE        
                                                                                   
                             Object                                                
    User        Group       Authority                                              
    *PUBLIC                 *EXCLUDE                                         
    You can also use EDTOBJAUT OBJ(TELNET) OBJTYPE(*CMD). Both commands eventually take you to the same screen.
    5,860 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following