The target is too tempting, and the stakes are too high. With virtually every business doing some form of e-transaction, the amount of money flowing electronically is staggering. And a quick scan of the major news media Web sites indicates a serious number of recent computer security-related problems. You hear a lot about hackers breaking in and defacing Web sites, but how many break-ins do you not hear about? Those are potentially the most costly. Could hackers be on your competitors payroll system? Its not a pleasant thought, but its something prudent businesses think about.
The AS/400 (a.k.a. the iSeries) is a very secure machine, but nothings invulnerable. IBM seems to do a great job making sure the machine is as secure as it can be, but there still can be problems. For example, there is code floating around the Internet that can be used to grab passwords. (See IBM Posts Updated Security PTFs for Son of Sniff on page 24 for more information.) In addition, the AS/400 doesnt operate in a vacuum. When operating in a networked environment, user IDs and passwords often flow across the network. Those IDs and passwords often can be intercepted easily. If theyre not encrypted, theyre easy to read. If theyre LanMan passwords (the kind used in mixed Windows 95/98/NT/2000 networks), they, too, can be easy to crack with tools such as L0phtCrack, a well-known Windows password audit tool.
To minimize your exposure, you have to follow good security practices. A partial list of precautions includes the following:
OS/400 object-level security (This is often overlooked.)
A switched network (i.e., no hubs)
A robust firewall (if you have a permanent Internet connection)
A strong password policy
Logging and auditing access
Network monitoring tools to scan your network for unauthorized hosts and services (such as an FTP server or pcAnywhere)
Good server-based virus scanning software
The latest versions of and security-related patches for all of your software
Dont become a headline. While it may or may not be possible to achieve 100 percent security, you can make your systems less of a target. Read this months focus articles on security and take the recommended steps.
Big IBM News
If you surf our Web site, you probably know by now that IBM has kicked off its Mach1 initiative, which promises to be a much-needed change in the way IBM presents itself to customers. (See IBM Unveils E-server Advantage on page 22 for complete details.) By creating the e-server line, IBM has further cemented its long-term commitment to e- business. One of the goals of the initiative is to enhance IBMs internal cooperation and communication between divisions. This internal cooperation and communication has been getting stronger over the last few years, but it still needs improvement, especially for AS/400 customers, so this is welcome news.
What does this mean to the AS/400 professional? If IBM can enhance its focus on providing solutions to customers and achieve greater sales, we all benefit in the long term. In the short term, there is likely to be some hand-wringing over the future. Midrange Computing is here to help you understand the direction the industry is taking and to keep your skills sharp and up-to-date. The world may be going e at a rapid pace, and it may be difficult to determine what your next move should be, however, as I said in the May issue (see From the Editor: Setting Standards), no matter which platform youre running on, standards enable us to get the job done. Well keep you up-to-speed on these standards, and well continue to set the standard for delivering the vital information you need to accomplish your IT mission.
Big Midrange Computing News
We are very pleased to announce the addition of Richard Shaler to our lineup of section editors. He will be editing the Groupware section. Richard, a long-time writer for Midrange Computing, brings us AS/400 and NT-based Domino experience from the trenches. You can look forward to the same level of real-world, problem-solving articles on Domino and related technologies in the Groupware section that we give you in the rest of the magazine.