DirectPC, cable modem or ADSL?

Frank, Does high speed access on your end solve the slowness problem when accessing this forum? Unfortunately, no. This forum's problem is placed solely at the feet at whatever is used to serve it. As an aside this is one of the big fallicies of faster access. I have a cable modem at home and the percentage of web sites that benefit from it are not enough to warrant the price (I am not paying for it, that's why I still use it). But, occassionally when I come across a site that has the power, WOW! Bill

DirectPC, cable modem or ADSL?

To Bill or anyone else - With your high speed access at home, are you able to access your AS/400 at work? If yes, please give us some details. Thanks. Just an old mainframer caught in the Web!

DirectPC, cable modem or ADSL?

On Tuesday, December 08, 1998, 11:10 AM, Brandon Wahl wrote: Thanks for your input Jim, I've been doing alot of reading on the subject and what you've done with your network sounds about what I'm going to have to do. But tell me, what do you do about sales force wanting to get to information on the 400? All of my stuff is home grown green screen apps, which will be fine for remote sites with firewalls on their end and one on mine to "tunnel" IP as you've said. But, what about the sales guy who'd be dialing in from his home? What should I be concered about as far as security on this? Brandon Wahl Over 12 years ago, before the Internet, we setup 800 numbers and a link to the Compuserve X.25 network. Our dealers and our field reps use these methods to connect with us. The 800 numbers cost us $9.00 per hour and the Compuserve about $4.50. Our bill at the end of a month is over $9,000. One security problem on the Internet is people from the outside trying to access our system and guess user ids and passwords. A scan of our site can tell a hacker what IP address we have and what ports on your system are open. The best security tool is examining a log of failed logon attempts. The number of incidents of this occruing on my network has decreased over the past few years. One reason I think it has is that the Internet is now so large. The second problem is wire taps and sniffers. However, this is not restricted to the Internet. In the 26 years in which I have been doing data communication and security, I have had two incidents of wire tap, that I know of. One case was on a fax machine. All faxes sent or received were intercepted and copies were made. The other incident was a tap on a data line. Fake shipping orders were sent to a warehouse to have half a million dollars of product sent to a public warehouse. This occured on a leased line. This is why I feel the use of encryption or (VPN) on the Internet is more secure than plain text on a leased line. In 1997 we formed a group to study converting our dealers and reps to the Internet. We came up with 3 options. Option 1Microsoft's RAS service on an NT server can provide secuirty for PCs. The RAS server can be setup to accept connections from a modem, from an X.25 network or an IP network. We had been using the RAS server for many years to provide security on the 800 numbers and Compuserve. We added a second Ethernet port and connected it outside of the Internet firewall. Someone on the Internet could then go to a PC's remote network setup and define a remote network with the Internet address of the RAS server. They would have to pass the RAS server's security before they could enter the network. The RAS server uses an encryption system like Microsoft's LAN network does. When you are on a Ethernet LAN, someone can install a sniffer program on a PC and see all messages for all computers in the same collision domain. There are programs available that will look for Telnet sessions and capture user ids and passwords. In MS networks the user's password is the key for the encryption. You must have long passwords. The time required for a sniffer program to crack the message is determined by the length of the password. All messages sent between the RAS server and the PC are encrypted including the Telnet sessions that are passed on to the AS/400. Users that get a command line prompt must enter our network via RAS so messages are encrypted. Dealers and remote sales people can connect to modems and X.25 using plain text. They just need a terminal or teminal emulator to connect to our system. However these users can not get a command line prompt. We also do not allow our dealers to enter orders and have product shipped anywhere except the dealership. Option 2Get a firewall that supports SOCKS. This works on any system that has a SOCKS socket library installed. The socket library is the Interface between an application and TCP/IP. When a program wants to send or receive data on an IP network, it calls the socket library. What SOCKS does is replace the standard socket library with one that does a form of IP tunneling. Your firewall must support SOCKS and you must pay a fee for each PC. Option 3Re-write the applications to the web. Web based systems can use secure sockets and certificates. DecisionThe decision was that users that get command line prompts will stay where they are. The dealers and reps will go with option 3, rewrite to the Web. This decision had as much to do with going to a graphic interface than network security. Our sales and tech support people have wanted a graphic capability for sometime. The Web supports certificates and public key encryption. Certificates are encryption keys that are exchanged between people before they are going to communicate over the Internet. This is the most secure form of electronic communication but it is a big administration problem. Public key encryption is less secure but allows people who have never communicated with each other to encrypt messages. This is possible because the key to encrypt a message is not the same as the key to decrypt the message. I can send you a public key that you use to encrypt messages you send to me. I can decrypt them with the private key. Public key encryption is safe from sniffing, but it is not safe from insertion. Someone can insert a computer into your line and intercept your keys. The two people communicating with each other do not realize that a third person has intercepted their keys and replaced them with their own keys. We have 2 kinds of information on the web now. Public information in plain text that does not require a user id. Dealer and sales information that requires a user id and is secured with public keys. JHicks@SUZ.com

DirectPC, cable modem or ADSL?

On Tuesday, December 08, 1998, 03:52 PM, Frank Whittemore wrote: With your high speed access at home, are you able to access your AS/400 at work? If yes, please give us some details. Thanks.

---

Along the same line, what are some people's strategies for intranet/internet? We currently have a local net that we log into by calling directly into the LAN server. That gets us into all of our machines. However, we're planning to switch to an Internet connection using Virtual Private Networking. Anybody else doing that? If so, any pitfalls or considerations? If not, why not? Joe