ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaj4_5.4.0.1/rzaj45zgiptraffic.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Network security options" />
<meta name="abstract" content="Use this information to learn about the network level security measures that you should consider using to protect your internal resources." />
<meta name="description" content="Use this information to learn about the network level security measures that you should consider using to protect your internal resources." />
<meta name="DC.Relation" scheme="URI" content="rzaj4secoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj4fwfirewallconcept.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45hpacketsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45zvsolutions.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg246152.pdf" />
<meta name="DC.Relation" scheme="URI" content="rzaj45lbasiccorpusage.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45hpacketsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45zvsolutions.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaj45zgiptraffic" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network security options</title>
</head>
<body id="rzaj45zgiptraffic"><a name="rzaj45zgiptraffic"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network security options</h1>
<div><p><span>Use this information to learn about
the network level security measures that you should consider using to protect
your internal resources.</span></p>
<p><img src="./delta.gif" alt="Start of change" />When connecting to an untrusted network, your security policy
must describe a comprehensive security scheme, including the security measures
that you will put into effect at the network level. Installing a firewall
is one of the best means of deploying a comprehensive set of network security
measures.<img src="./deltaend.gif" alt="End of change" /></p>
<p>Also, your Internet Service Provider (ISP) can and should provide an important
element in your network security plan. Your network security scheme should
outline what security measures your Internet Service Provider (ISP) will provide,
such as filtering rules for the ISP router connection and public Domain Name
Service (DNS) precautions.</p>
<p>Although a firewall certainly represents one of your main lines of defense
in your total security plan, it should not be your <strong>only</strong> line of defense.
Because potential Internet security risks can occur at a variety of levels,
you need to set up security measures that provide multiple layers of defense
against these risks.</p>
<p>While a firewall provides a tremendous amount of protection from certain
kinds of attack, a firewall is only part of your total security solution.
For instance, a firewall cannot necessarily protect data that you send over
the Internet through applications such as SMTP mail, FTP, and TELNET. Unless
you choose to encrypt this data, anyone on the Internet can access it as it
travels to its destination.</p>
<p>You should strongly consider using a firewall product as your main line
of defense whenever you connect your iSeries™ server or your internal network
to the Internet. Although you can no longer purchase the IBM<sup>®</sup> Firewall for AS/400<sup>®</sup> product
and support for the product is no longer available, there are a number of
other products that you can use. See All You Need to Know When Migrating from IBM Firewall
for AS/400 for
details scenarios on different migration options.</p>
<p><img src="./delta.gif" alt="Start of change" />Because commercial firewall products provide a full range of
network security technologies, the JKL Toy Company has chosen to use one in
their e-business security scenario e-business security scenario to protect
their network. However, their firewall does not provide any protection for
their new iSeries Internet
server. Consequently, they have chosen to carry out the iSeries Packet
rules feature to create filter and NAT rules to control traffic for the Internet
server.<img src="./deltaend.gif" alt="End of change" /></p>
<div class="section"><h4 class="sectiontitle">About iSeries Packet rules</h4><p>Packet filter rules
let you protect your computer systems by rejecting or accepting IP packets
according to criteria that you define. NAT rules allow you to hide your internal
system information from external users by substituting one IP address for
another, public IP address. Although IP packet filter and NAT rules are core
network security technologies, they do not provide the same level of security
that a fully functional firewall product does. You should carefully analyze
your security needs and objectives when deciding between a complete firewall
product and the iSeries packet
rules feature.</p>
<p><span>Review the topic <a href="rzaj45zvsolutions.htm#rzaj45zvsolutions">Choosing iSeries network
security options</a> to help you decide which approach is right for your
security needs.</span></p>
</div>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaj4fwfirewallconcept.htm">Firewalls</a></strong><br />
A firewall is a blockade between a secure internal network and an untrusted network such as the Internet.</li>
<li class="ulchildlink"><strong><a href="rzaj45hpacketsecurity.htm">iSeries Packet rules</a></strong><br />
iSeries packet
rules is an integrated feature of i5/OS™ available from the iSeries Navigator
interface.</li>
<li class="ulchildlink"><strong><a href="rzaj45zvsolutions.htm">Choosing iSeries network security options</a></strong><br />
Provides you with a concise discussion on which security options you should choose based on your Internet usage plans</li>
</ul>

<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj4secoverview.htm" title="Accessing the Internet from your LAN is a major step in the evolution of your network that will require you to reassess your security requirements.">iSeries and Internet security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaj40a0internetsecurity.htm" title="Your security policy defines what you want to protect and what you expect of your system users.">The layered defense approach to security</a></div>
<div><a href="rzaj45lbasiccorpusage.htm" title="Describes a typical business, the JKL Toy Company which has decided to expand its business objectives by using the Internet. Although the company is fictitious, their plans for using the Internet for e-business and their resulting security needs are representative of many real world company situations.">Scenario: JKL Toy Company e-business plans</a></div>
<div><a href="rzaj45hpacketsecurity.htm" title="iSeries packet rules is an integrated feature of i5/OS available from the iSeries Navigator interface.">iSeries Packet rules</a></div>
<div><a href="rzaj45zvsolutions.htm" title="Provides you with a concise discussion on which security options you should choose based on your Internet usage plans">Choosing iSeries network security options</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg246152.pdf" target="_blank">All You Need to Know When Migrating from IBM Firewall for AS/400</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Network security options" />`
			`<meta name="abstract" content="Use this information to learn about the network level security measures that you should consider using to protect your internal resources." />`
			`<meta name="description" content="Use this information to learn about the network level security measures that you should consider using to protect your internal resources." />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj4secoverview.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj4fwfirewallconcept.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj45hpacketsecurity.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj45zvsolutions.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg246152.pdf" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj45lbasiccorpusage.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj45hpacketsecurity.htm" />`
			`<meta name="DC.Relation" scheme="URI" content="rzaj45zvsolutions.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="rzaj45zgiptraffic" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Network security options</title>`
			`</head>`
			`<body id="rzaj45zgiptraffic"><a name="rzaj45zgiptraffic"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Network security options</h1>`
			`<div><p><span>Use this information to learn about`
			`the network level security measures that you should consider using to protect`
			`your internal resources.</span></p>`
			`<p><img src="./delta.gif" alt="Start of change" />When connecting to an untrusted network, your security policy`
			`must describe a comprehensive security scheme, including the security measures`
			`that you will put into effect at the network level. Installing a firewall`
			`is one of the best means of deploying a comprehensive set of network security`
			`measures.<img src="./deltaend.gif" alt="End of change" /></p>`
			`<p>Also, your Internet Service Provider (ISP) can and should provide an important`
			`element in your network security plan. Your network security scheme should`
			`outline what security measures your Internet Service Provider (ISP) will provide,`
			`such as filtering rules for the ISP router connection and public Domain Name`
			`Service (DNS) precautions.</p>`
			`<p>Although a firewall certainly represents one of your main lines of defense`
			`in your total security plan, it should not be your <strong>only</strong> line of defense.`
			`Because potential Internet security risks can occur at a variety of levels,`
			`you need to set up security measures that provide multiple layers of defense`
			`against these risks.</p>`
			`<p>While a firewall provides a tremendous amount of protection from certain`
			`kinds of attack, a firewall is only part of your total security solution.`
			`For instance, a firewall cannot necessarily protect data that you send over`
			`the Internet through applications such as SMTP mail, FTP, and TELNET. Unless`
			`you choose to encrypt this data, anyone on the Internet can access it as it`
			`travels to its destination.</p>`
			`<p>You should strongly consider using a firewall product as your main line`
			`of defense whenever you connect your iSeries™ server or your internal network`
			`to the Internet. Although you can no longer purchase the IBM<sup>®</sup> Firewall for AS/400<sup>®</sup> product`
			`and support for the product is no longer available, there are a number of`
			`other products that you can use. See All You Need to Know When Migrating from IBM Firewall`
			`for AS/400 for`
			`details scenarios on different migration options.</p>`
			`<p><img src="./delta.gif" alt="Start of change" />Because commercial firewall products provide a full range of`
			`network security technologies, the JKL Toy Company has chosen to use one in`
			`their e-business security scenario e-business security scenario to protect`
			`their network. However, their firewall does not provide any protection for`
			`their new iSeries Internet`
			`server. Consequently, they have chosen to carry out the iSeries Packet`
			`rules feature to create filter and NAT rules to control traffic for the Internet`
			`server.<img src="./deltaend.gif" alt="End of change" /></p>`
			`<div class="section"><h4 class="sectiontitle">About iSeries Packet rules</h4><p>Packet filter rules`
			`let you protect your computer systems by rejecting or accepting IP packets`
			`according to criteria that you define. NAT rules allow you to hide your internal`
			`system information from external users by substituting one IP address for`
			`another, public IP address. Although IP packet filter and NAT rules are core`
			`network security technologies, they do not provide the same level of security`
			`that a fully functional firewall product does. You should carefully analyze`
			`your security needs and objectives when deciding between a complete firewall`
			`product and the iSeries packet`
			`rules feature.</p>`
			`<p><span>Review the topic <a href="rzaj45zvsolutions.htm#rzaj45zvsolutions">Choosing iSeries network`
			`security options</a> to help you decide which approach is right for your`
			`security needs.</span></p>`
			`</div>`
			`</div>`
			`<div>`
			`<ul class="ullinks">`
			`<li class="ulchildlink"><strong><a href="rzaj4fwfirewallconcept.htm">Firewalls</a></strong><br />`
			`A firewall is a blockade between a secure internal network and an untrusted network such as the Internet.</li>`
			`<li class="ulchildlink"><strong><a href="rzaj45hpacketsecurity.htm">iSeries Packet rules</a></strong><br />`
			`iSeries packet`
			`rules is an integrated feature of i5/OS™ available from the iSeries Navigator`
			`interface.</li>`
			`<li class="ulchildlink"><strong><a href="rzaj45zvsolutions.htm">Choosing iSeries network security options</a></strong><br />`
			`Provides you with a concise discussion on which security options you should choose based on your Internet usage plans</li>`
			`</ul>`

			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj4secoverview.htm" title="Accessing the Internet from your LAN is a major step in the evolution of your network that will require you to reassess your security requirements.">iSeries and Internet security</a></div>`
			`</div>`
			`<div class="relconcepts"><strong>Related concepts</strong><br />`
			`<div><a href="rzaj40a0internetsecurity.htm" title="Your security policy defines what you want to protect and what you expect of your system users.">The layered defense approach to security</a></div>`
			`<div><a href="rzaj45lbasiccorpusage.htm" title="Describes a typical business, the JKL Toy Company which has decided to expand its business objectives by using the Internet. Although the company is fictitious, their plans for using the Internet for e-business and their resulting security needs are representative of many real world company situations.">Scenario: JKL Toy Company e-business plans</a></div>`
			`<div><a href="rzaj45hpacketsecurity.htm" title="iSeries packet rules is an integrated feature of i5/OS available from the iSeries Navigator interface.">iSeries Packet rules</a></div>`
			`<div><a href="rzaj45zvsolutions.htm" title="Provides you with a concise discussion on which security options you should choose based on your Internet usage plans">Choosing iSeries network security options</a></div>`
			`</div>`
			`<div class="relinfo"><strong>Related information</strong><br />`
			`<div><a href="http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg246152.pdf" target="_blank">All You Need to Know When Migrating from IBM Firewall for AS/400</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`