You might need to know how to set up anonymous File Transfer
Protocol (FTP) and how to secure your FTP server.
Skill requirements
To set up anonymous FTP, you need the following skills:
- Familiarity with the iSeries™ character-based interface and commands with
multiple parameters and keywords.
- Ability to create libraries, members, and source physical files on your iSeries (you
should have at least *SECOFR authority).
- Ability to assign authorities to libraries, files, members, and programs.
- Ability to write, change, compile, and test programs on your iSeries server.
Security considerations
The first step in implementing anonymous FTP is to define your anonymous
FTP server site policy. This plan defines the FTP site security and
determines how to code your exit programs.
Because the FTP server will allow anyone to access your data, you must carefully
consider how you want it to be used, and what data must be protected.
Review the following guidelines for your FTP site policy plan:
- Use a firewall between your iSeries server and the Internet.
- Use a non-production iSeries for your FTP server.
- Do not attach the FTP server to the rest of your company's LANs or WANs.
- Use FTP exit programs to secure access to the FTP server.
- Test FTP exit programs to ensure that they do not contain security loopholes.
- Do not allow anonymous FTP users to have read and write access to the
same directory. Having both permits the anonymous user to be untraceable on the Internet.
- Allow ANONYMOUS access only. Do not allow any other user IDs and do not
authenticate passwords.
- Restrict ANONYMOUS access to one public library or directory only. (Where
will it be? What will you call it?)
- Place only public access files in the public library or directory.
- Restrict ANONYMOUS users to 'view' and 'retrieve' subcommands only (get,
mget). Do not under any circumstances allow ANONYMOUS users to
use CL commands.
- Log all access to your iSeries FTP server.
- Review FTP server logs daily or weekly for possible attacks.
- Once a month, verify that the FTP server registers the correct exit
programs.
- Test the FTP server for security holes once a month.
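
The following is an added example, not IBM's exit program code: a C model of the allow/reject decision an FTP exit program makes under the guidelines above (ANONYMOUS only, one public directory, view and retrieve only, no CL commands, every request logged), with a self-check of the kind the testing guideline calls for. The operation codes, the `/pub` directory name and the function names are assumptions made for the example; a real exit program receives its parameters through the exit point interface.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed operation codes for this example; not the exit point's real values. */
enum ftp_op { OP_LOGIN, OP_CHDIR, OP_LIST, OP_GET, OP_PUT, OP_DELETE, OP_RENAME, OP_MKDIR, OP_CLCMD };

#define PUBLIC_DIR "/pub"   /* assumed name of the single public directory */

/* True only if path is PUBLIC_DIR or below it and has no ".." component. */
static int in_public_dir(const char *path) {
    size_t n = strlen(PUBLIC_DIR);
    if (strncmp(path, PUBLIC_DIR, n) != 0) return 0;
    if (path[n] != '\0' && path[n] != '/') return 0;   /* rejects /public2 */
    for (const char *p = path; (p = strstr(p, "..")) != NULL; p += 2) {
        int starts = (p == path || p[-1] == '/');
        int ends = (p[2] == '\0' || p[2] == '/');
        if (starts && ends) return 0;                   /* traversal component */
    }
    return 1;
}

/* Returns 1 to allow, 0 to reject. Default is reject; every decision is logged. */
int ftp_policy_allow(const char *user, enum ftp_op op, const char *path) {
    int allow = 0;
    if (!user) user = "";
    if (!path) path = "";
    if (strcasecmp(user, "ANONYMOUS") == 0) {           /* no other user IDs */
        switch (op) {
        case OP_LOGIN: allow = 1; break;
        case OP_CHDIR: case OP_LIST: case OP_GET:       /* view and retrieve only */
            allow = in_public_dir(path); break;
        default: allow = 0; break;                      /* writes, deletes, CL commands */
        }
    }
    fprintf(stderr, "ftp-policy user=%s op=%d path=%s -> %s\n",
            user, (int)op, path, allow ? "ALLOW" : "REJECT");
    return allow;
}

/* Self-check over constructed requests; exits nonzero if any decision is wrong. */
int main(void) {
    int ok = ftp_policy_allow("anonymous", OP_GET, "/pub/readme.txt") == 1
          && ftp_policy_allow("anonymous", OP_GET, "/pub/../private/data") == 0
          && ftp_policy_allow("anonymous", OP_PUT, "/pub/upload.bin") == 0
          && ftp_policy_allow("anonymous", OP_CLCMD, "") == 0;
    return ok ? 0 : 1;
}
```

Because the switch rejects by default, any operation added later stays blocked until it is explicitly allowed.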