
TechTalk: PC Network Security on the AS/400


We were told that it couldn't be done, but we were also told that before on other matters. And as before, we found a way to work out our plans. We successfully implemented our token-ring network security from the AS/400.

We ordered the token-ring hardware when we ordered our AS/400. We had a long-range plan to utilize the network, and we wanted to have the security handled on the AS/400. Our regular sign-on security for the AS/400 is handled by checking the user ID against our company employee master file. If a user is not a current active employee, he or she cannot sign on. We were able to keep this approach with the network, along with a few more security checks.

We programmed the PC so that, when it is turned on, it connects to the network and checks whether the AS/400 is available. The user must have authority to be using the network, which is checked based on our naming conventions. At this time the PC ignores the rest of the network logon, and we connect it to the AS/400 using PC Support, which brings up the AS/400 signon screen. On the AS/400 signon screen, the user can only key in his or her user ID and password. The AS/400 automatically checks the ID and password for validity. We also use the feature that varies off the terminal after three invalid signon attempts. If the user has a valid ID and password, the user ID is checked against the company employee file. The terminal is signed off if the user is not an active employee.

All active employees that sign on see an individually tailored menu. Within this menu program, we check to see what functions the user has authority to do, and we display menu options for only these functions. Two things are checked here for our network security: 1. Does the user have authority to use the network? 2. Is he or she using a network PC? If these two checks are not answered with a yes, the user will not have the menu option to log on to the network. So at this point, users must have a valid user ID and password, they must be an active employee, they must have authority to use the network, and they must be using a network PC.

When the user is signed on to his or her AS/400 menu and is ready to log on to the network, he or she simply selects option 8 to go to the network. Each network PC has a file transfer program on it (utilizing PC Support) that is used to download the network file, but this program is run from the AS/400. Let me walk through the network menu program (Figure 1) and explain this.

The menu option program for the network first determines who the user is (line 500), and then allocates the file USER (line 800) which is used to download, and then monitors for the message CPF1002 (line 1000). This message indicates that the program is unable to allocate the file because someone else has already allocated it. Then the program copies the user's own network logon program (a PC program) into the download file USER (line 1200). Next, we make sure that the PC Organizer is running (line 1900), because we cannot run PC download commands from the AS/400 without it being active. If it is running, the monitor message (line 2100) will catch that fact. Line 2300 is a CL command that initiates the PC command which, in this program, runs the transfer program to download the file USER to the PC. Then we de-allocate the file for the next person to use. After this is done, the network logon program automatically runs, logging them on to the network. When the logon program is completed, the downloaded file is deleted (from the PC), and after a few more network programs are run, the user sees the network menu.

By using these procedures, we add more security to our network. We utilize the AS/400 feature to limit each user to being signed on to one terminal at a time, and the network allows only one logon per person. The users do not know what their network logon ID and password are (because they are logged on to the network automatically), so they cannot share them with anyone. (The network ID and password are different from their AS/400 ID and password.) By being logged on automatically, they only have access to the data they are authorized to use. By educating the users that their AS/400 user ID and password control the access and integrity of all of their data across both systems, we make them less likely to share their ID and password with anyone.

We feel that in the future this is the way more companies will go when they set up their network security. If a user is not an employee of the company, he or she should not have access to data whether it is on a PC network, AS/400 or any other hardware setup. And again, with this implementation, the security is set up and maintained in one place - on the AS/400. This allows easier setup and maintenance of the security, and increased integrity.

Bruce Knoll
Kentwood, Michigan



Figure 1 Network menu program NETWSECCL

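    NETWSECCL: +
        PGM
        DCL VAR(&USER) TYPE(*CHAR) LEN(10)
        /* Determine who the user is */
        RTVJOBA USER(&USER)
    RETRY: +
        /* Lock the shared download member; retry while another job holds it */
        ALCOBJ OBJ((*LIBL/QTXTSRC *FILE *EXCLRD USER))
        MONMSG MSGID(CPF1002) EXEC(GOTO CMDLBL(RETRY))
        /* Copy the user's own network logon program into member USER */
        CPYF FROMFILE(*LIBL/QTXTSRC) TOFILE(*LIBL/QTXTSRC) +
             FROMMBR(&USER) TOMBR(USER) MBROPT(*REPLACE) FMTOPT(*NOCHK)
        MONMSG MSGID(CPF2817) EXEC(GOTO CMDLBL(END))
        /* Make sure the PC Organizer is running; IWS4010 = already active */
        STRPCO PCTA(*NO)
        MONMSG MSGID(IWS4010)
        /* Run the PC transfer program that downloads member USER */
        STRPCCMD PCCMD('RTOPCB C:START > NUL') PAUSE(*NO)
    END: +
        /* Release the lock on both the normal and the copy-failure path */
        DLCOBJ OBJ((*LIBL/QTXTSRC *FILE *EXCLRD USER))
        ENDPGM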
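The RETRY loop in Figure 1 keeps trying for as long as another job holds the download member. The variant below is an added example, not part of the original program: it bounds the wait and tells the user when it gives up. The program name NETWSECB, the labels CLEANUP and DONE, the wait and retry values, and the message text are assumptions; the file, member, and PC command are the ones shown in Figure 1.

```cl
NETWSECB: +
    PGM
    DCL VAR(&USER)  TYPE(*CHAR) LEN(10)
    DCL VAR(&TRIES) TYPE(*DEC)  LEN(3 0) VALUE(0)

    /* Determine who the user is */
    RTVJOBA USER(&USER)

RETRY: +
    /* Wait at most 5 seconds for the shared download member */
    ALCOBJ OBJ((*LIBL/QTXTSRC *FILE *EXCLRD USER)) WAIT(5)
    MONMSG MSGID(CPF1002) EXEC(DO)
        CHGVAR VAR(&TRIES) VALUE(&TRIES + 1)
        /* Assumed limit: stop after 6 attempts; no lock is held here */
        IF COND(&TRIES *GE 6) THEN(DO)
            SNDPGMMSG MSG('Network logon is busy. Try again shortly.')
            GOTO CMDLBL(DONE)
        ENDDO
        /* Back off before the next attempt */
        DLYJOB DLY(5)
        GOTO CMDLBL(RETRY)
    ENDDO

    /* Lock is held from here on; every exit goes through CLEANUP */
    CPYF FROMFILE(*LIBL/QTXTSRC) TOFILE(*LIBL/QTXTSRC) +
         FROMMBR(&USER) TOMBR(USER) MBROPT(*REPLACE) FMTOPT(*NOCHK)
    MONMSG MSGID(CPF2817) EXEC(GOTO CMDLBL(CLEANUP))

    /* PC Organizer must be active before a PC command can be run */
    STRPCO PCTA(*NO)
    MONMSG MSGID(IWS4010)

    /* Download member USER to the PC with the transfer program */
    STRPCCMD PCCMD('RTOPCB C:START > NUL') PAUSE(*NO)

CLEANUP: +
    /* Release the member for the next user, success or failure */
    DLCOBJ OBJ((*LIBL/QTXTSRC *FILE *EXCLRD USER))
DONE: +
    ENDPGM
```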