Security when assigning static IP to AS/400

2475 pts.
Tags:
AS/400
AS/400 security
Static IP address
Hi all! We are using AS/400 V4R5 server in our office and we have an application running on it. Right now we connected some other users (5 members) of this application who is outside from our office through VPN. But now our management asking us to provide support for more than 25 people (this may increase). From our-side we are thinking that, to put router on all user side will make big work and also high cost consuming. So we planned to offer this service by assign static IP to our AS/400 server. So I need some idea from you guys. Whether is it a good thing to assign Static IP? And if we do this what are the steps to be taken in terms of security on AS/400? If you have any other options for this solution please let me know. Surey.

Answer Wiki

Thanks. We'll let you know when a new response is added.

Also, make sure you scan it with more than one reputable vulnerability scanner such as QualysGuard or Nexpose.

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    Don't you already have a static IP assigned for your AS/400? If not, where is it getting its address?   Tom
    125,585 pointsBadges:
    report
  • Sureyz
    Tom,       We are using Private IP for our LAN. So we assigned as the same for the AS400 server also. I mean to say to get fixed IP for AS400 which will enable us to access the server through internet from any where.I'm not that much aware about these networking things.Please give me some better idea.  Sureyz
    2,475 pointsBadges:
    report
  • Splat
    We use VPN clients going through a Cisco ASA for those working from outside our facility, keeping the iSeries behind the firewall.
    7,665 pointsBadges:
    report
  • TomLiotta
    If you have a working VPN configuration, why is there any need to make a change? As far as security goes, I don't see any real difference with an address change. That is, you have a degree of obscurity now that would be lessened somewhat; but accessibility isn't created by explicitly assigning an address.   For example, if you can currently run something like FTP RMTSYS(WWW.REDBOOKS.IBM.COM) from a server command line and get valid replies, then you know that a route is already accessible with your local address.   If a function like FTP or other TCP/IP applications can't currently work from your server, then the question might need some added description.   Tom
    125,585 pointsBadges:
    report
  • TomLiotta
    BTW, is it "V4R5" or "V5R4"? -- Tom
    125,585 pointsBadges:
    report
  • Sureyz
    is this possible to keeping a iSeries server which is assigned with fixed addressing, behind a firewall and can make the firewall to allow only particular IP address to access the server from the internet ?
    2,475 pointsBadges:
    report
  • TomLiotta
    ...make the firewall to allow only particular IP address to access the server from the internet ?   It should be possible. Without knowing details of any firewall or router, there's no good way to determine how it would be done. This is one example of what a firewall is intended to allow.   Tom
    125,585 pointsBadges:
    report
  • Sureyz
    Can we use Cisco 2900 Series Router for the solution which i mentioned earlier?
    2,475 pointsBadges:
    report
  • Splat
    Keeping in mind that I'm not a network person, the specifications for the 2900 series indicate it should be able to handle the scenario you've described.  Certainly you should talk to your network administrator about it, as well as what other options may be available/affordable.
    7,665 pointsBadges:
    report
  • WoodEngineer
    Sureyz, you asked about only allowing certain IP addresses to pass through your firewall and access the AS/400.  Yes, that is possible.  We do that exact thing with our Cisco ASA.  In our opinion, it provides a good level of security.Be aware that your remote users' internet service provider may change the IP address assigned to the user unless they license a specific IP address.  We see changes infrequently but it does happen.
    6,875 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following