System i and Internet security considerations

Security issues related to the Internet are significant. This topic provides an overview of IBM® i security strengths and security offerings.

When you connect your System i® platform to the Internet, typically one of your first questions is, "What should I know about security and the Internet?" This topic can help you to answer this question.

What you need to know depends on how you want to use the Internet. Your first venture into the Internet might be to provide your internal network users with access to the Web and Internet e-mail. You might also want the ability to transfer sensitive information from one site to another. Eventually, you can plan to use the Internet for e-commerce or to create an extranet between your company and your business partners and suppliers.

Before you get involved with the Internet, you should think through what you want to do and how you want to do it. Making decisions about both Internet usage and Internet security can be complex.

Note: If you are unfamiliar with security and Internet-related terms, you can review common security terminology as you work through this material.

After you understand how you want to use the Internet for e-business, as well as the security issues and the available security tools, functions, and offerings, you can develop a security policy and your security objectives. A number of factors affect the choices that you make in developing your security policy. When you extend your organization onto the Internet, your security policy is the critical cornerstone for ensuring that your systems and resources are secure.

IBM i security characteristics

In addition to a number of specific security offerings for protecting your system on the Internet, the IBM i operating system has the following security characteristics:

  • Integrated security, which is extremely difficult to circumvent compared with add-on security software packages that are offered on other systems.
  • Object-based architecture, which makes it technically difficult to create and spread a virus. On an IBM i operating system, a file cannot pretend to be a program, nor can a program change another program. IBM i integrity features require you to use system-provided interfaces to access objects. You cannot access an object directly by its address in the system. You cannot take an offset and turn it into, or manufacture, a pointer. Pointer manipulation is a popular technique for hackers on other system architectures.
  • Flexibility, which lets you set up your system security to meet your specific requirements. You can use the Security Planner to help you determine which security recommendations fit your security needs.

IBM i advanced security offerings

The IBM i operating system also offers several specific security offerings that you can choose to enhance your system security when you connect to the Internet. Depending on how you use the Internet, you might want to take advantage of one or more of these offerings:

  • Virtual private network (VPN) is an extension of an enterprise's private intranet across a public network, such as the Internet. You can use a VPN to create a secure private connection, essentially by creating a private tunnel over a public network. VPN is an integrated feature of the IBM i operating system, available from the System i Navigator interface.
  • Packet rules is an integrated feature of the IBM i operating system, available from the System i Navigator interface. You can configure IP packet filter and network address translation (NAT) rules to control the flow of TCP/IP traffic into and out of your system by using this feature.
  • With the Secure Sockets Layer (SSL) protocols, you can configure applications to use SSL to establish secure connections between server applications and their clients. SSL was originally developed for secure Web browser and server applications, but other applications can be enabled to use it. Many applications are now enabled for SSL, including the IBM HTTP Server for IBM i, IBM i Access for Windows, File Transfer Protocol (FTP), and Telnet.