Tweet
What is the quickest way to protect unauthorized use of services like FTP and CA/400 downloads from our client community. I CAN'T shut these services down since some users and applications need them. I suspect I'll be using exit programs but need a quick article with appropriate code to setup and enable the exit programs. Can you point me in the right direction? Or, is there a CHEAP program on the market that makes administration of exit programs simple? Thanks in advance. Chuck
-
-
Exit programs
December 1999 issue of Midrange Computing: Locking down FTP by Alex Garrison. Contains great example code you can use right away to control FTP access. Also, search this forum for a post by me on FTP Security from several months ago. In one of my posts, I included a CL program that you can modify to control all FTP services. HTH -
Exit programs
Here is a small program that you can attach to your signon servers. You need to create the database file. The file will contain the users you want to use the servers. Anyone not in the file will be rejected. It is simple but it works well to just lock users out. Once you allow them access though they have full capabilities. You would want to build on these to give more flexability. Use WRKREGINF to add the exit program to the servers, here are some of the signon/init servers. QIBM_QTMF_SVR_LOGON TCPL0100 *YES FTP Server Logon QIBM_QZDA_INIT ZDAI0100 *YES Database Server - entry QIBM_QZSO_SIGNONSRV ZSOY0100 *YES TCP SIGNON SERVER Again it is simple, but it can flat out lock users out Source for pgm is an attachment. HTH, GregComment
-
Exit programs
Chuck, Here is the source for my exit program. It too simply lets users in or locks users out. The main concept behind it is to check an authorization list. If you are on the authorization list, you are let in. Not on it, sorry bye bye. Also, if there is an emergency and everybody needed access simply open up the public's authority on the auth list and whala..... everybody is in. Want to know who is using FTP before you lock everybody down, this CL also post messages to QSYSMSG queue telling you who got in and who didn't. HTH Scott See attached belowComment
-
Exit programs
Chuck, Exit points are a good way to block access from network interfaces, especially if you have AS/400 software that relies on menu security and LMTCPB to control access. Exit programs are not too terribly difficult to write, and you've got a couple of decent examples here on the Forum. Their are quite a few to cover if you want to block access from all of the interfaces (FTP, Client Access, DDM, DRDA, NetServer, Remote Command, etc.), with more to come from IBM in the next few releases. There are inexpensive commercial solutions that cover all of the exit points. I'd love to tell you about mine, but will respect the integrity of the forum and not advertise on it. Email me directly at johnearl@400security.com if you'd like to know more. jteComment
Comment