Billion$ and Billion$ Served

General
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The target is too tempting, and the stakes are too high. With virtually every business doing some form of e-transaction, the amount of money flowing electronically is staggering. And a quick scan of the major news media Web sites indicates a serious number of recent computer security-related problems. You hear a lot about hackers breaking in and defacing Web sites, but how many break-ins do you not hear about? Those are potentially the most costly. Could hackers be on your competitor’s payroll system? It’s not a pleasant thought, but it’s something prudent businesses think about.

The AS/400 (a.k.a. the iSeries) is a very secure machine, but nothing’s invulnerable. IBM seems to do a great job making sure the machine is as secure as it can be, but there still can be problems. For example, there is code floating around the Internet that can be used to grab passwords. (See “IBM Posts Updated Security PTFs for ‘Son of Sniff’ ” on page 24 for more information.) In addition, the AS/400 doesn’t operate in a vacuum. When operating in a networked environment, user IDs and passwords often flow across the network. Those IDs and passwords often can be intercepted easily. If they’re not encrypted, they’re easy to read. If they’re LanMan passwords (the kind used in mixed Windows 95/98/NT/2000 networks), they, too, can be easy to crack with tools such as L0phtCrack, a well-known Windows password “audit” tool.

To minimize your exposure, you have to follow good security practices. A partial list of precautions includes the following:

• OS/400 object-level security (This is often overlooked.)

• A switched network (i.e., no hubs)

• A robust firewall (if you have a permanent Internet connection)

• A strong password policy

• Logging and auditing access

• Network monitoring tools to scan your network for unauthorized hosts and services (such as an FTP server or pcAnywhere)

• Good server-based virus scanning software


• The latest versions of and security-related patches for all of your software

Don’t become a headline. While it may or may not be possible to achieve 100 percent security, you can make your systems less of a target. Read this month’s focus articles on security and take the recommended steps.

Big IBM News

If you surf our Web site, you probably know by now that IBM has kicked off its Mach1 initiative, which promises to be a much-needed change in the way IBM presents itself to customers. (See “IBM Unveils E-server Advantage” on page 22 for complete details.) By creating the e-server line, IBM has further cemented its long-term commitment to e- business. One of the goals of the initiative is to enhance IBM’s internal cooperation and communication between divisions. This internal cooperation and communication has been getting stronger over the last few years, but it still needs improvement, especially for AS/400 customers, so this is welcome news.

What does this mean to the AS/400 professional? If IBM can enhance its focus on providing solutions to customers and achieve greater sales, we all benefit in the long term. In the short term, there is likely to be some hand-wringing over the future. Midrange Computing is here to help you understand the direction the industry is taking and to keep your skills sharp and up-to-date. The world may be going “e” at a rapid pace, and it may be difficult to determine what your next move should be, however, as I said in the May issue (see “From the Editor: Setting Standards”), no matter which platform you’re running on, standards enable us to get the job done. We’ll keep you up-to-speed on these standards, and we’ll continue to set the standard for delivering the vital information you need to accomplish your IT mission.

Big Midrange Computing News

We are very pleased to announce the addition of Richard Shaler to our lineup of section editors. He will be editing the Groupware section. Richard, a long-time writer for Midrange Computing, brings us AS/400 and NT-based Domino experience from the trenches. You can look forward to the same level of real-world, problem-solving articles on Domino and related technologies in the Groupware section that we give you in the rest of the magazine.


BLOG COMMENTS POWERED BY DISQUS