<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Elements of security in a TCP/IP network" />
<meta name="abstract" content="DDM and DRDA over native TCP/IP do not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels, which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different." />
<meta name="description" content="DDM and DRDA over native TCP/IP do not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels, which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different." />
<meta name="DC.Relation" scheme="URI" content="rbae5secdb.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5sourcesecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5targetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5connsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5sslddm.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5ipsecddm.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5clearpass.htm" />
<meta name="DC.Relation" scheme="URI" content="rbae5ports.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbae5elementsusetcp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Elements of security in a TCP/IP network</title>
</head>
<body id="rbae5elementsusetcp"><a name="rbae5elementsusetcp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Elements of security in a TCP/IP network</h1>
<div><p>DDM and DRDA<sup>®</sup> over native TCP/IP do not use <span class="keyword">i5/OS™</span> communications
security services and concepts such as communications devices, modes, secure
location attributes, and conversation security levels, which are associated
with Advanced Program-to-Program Communication (APPC). Therefore, security
setup for TCP/IP is quite different.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rbae5sourcesecurity.htm">Application requester security in a TCP/IP network</a></strong><br />
Different connectivity scenarios call for using different levels of authentication. Therefore, an administrator can set the lowest security authentication method required by the application requester (AR) when connecting to an application server (AS) by setting the preferred authentication method field in each RDB directory entry.</li>
<li class="ulchildlink"><strong><a href="rbae5targetsecurity.htm">Application server security in a TCP/IP network</a></strong><br />
The TCP/IP server has a default security of user ID with clear-text password. This means that, as the server is installed, inbound TCP/IP connection requests must have at least a clear-text password accompanying the user ID under which the server job is to run.</li>
<li class="ulchildlink"><strong><a href="rbae5connsec.htm">Connection security protocols for DDM or DRDA</a></strong><br />
Several connection security protocols are supported by the current <span class="keyword">DB2<sup>®</sup> UDB for iSeries™</span> implementation of distributed
data management (DDM) or Distributed Relational
Database Architecture™ (DRDA) over TCP/IP.</li>
<li class="ulchildlink"><strong><a href="rbae5sslddm.htm">Secure Sockets Layer for DDM and DRDA</a></strong><br />
DB2 Universal Database™ for <span class="keyword">iSeries™</span> Distributed
Relational Database Architecture™ (DRDA) clients do not support Secure Sockets
Layer (SSL).</li>
<li class="ulchildlink"><strong><a href="rbae5ipsecddm.htm">Internet Protocol Security Protocol for DDM/DRDA</a></strong><br />
Internet Protocol Security Protocol (IPSec) is a security protocol in the network layer that provides cryptographic security services. These services support confidential delivery of data over the Internet or intranets.</li>
<li class="ulchildlink"><strong><a href="rbae5clearpass.htm">Considerations for certain passwords being passed as clear text</a></strong><br />
Although <span class="keyword">iSeries™</span> supports
the encryption of connection passwords, one of the connection security options
you can specify in setting up an RDB directory entry is *USRIDPWD.</li>
<li class="ulchildlink"><strong><a href="rbae5ports.htm">Ports and port restrictions for DDM/DRDA</a></strong><br />
With the advent of new choices for security of distributed data
management (DDM) communications, the <span class="keyword">iSeries™</span> server
administrator can restrict certain communications modes by blocking the ports
they use. This topic discusses some of these considerations.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbae5secdb.htm" title="A distributed relational database administrator needs to protect the resources of the application servers in the network without unnecessarily restricting access to data by application requesters (ARs) in the network.">Elements of distributed relational database security</a></div>
</div>
</div>
</body>
</html>