Develop an Internet protection program

Develop an internet protection program that works for you.

Because the iSeries™ Navigator for Wireless servlet needs to obtain the user ID of the remote user, the web application server will need to be configured or set up to authenticate the user. The servlet uses this user ID to communicate with Management Central. Because this authentication can take place over the internet, the user needs to develop a protection plan to protect this authentication information (user ID and password).

Also, the data that is transferred between the client and the server contains systems management information. An analysis should be done to determine the level of protection you require for this data. The following questions need to be considered in developing this plan.

• What services will be used to access the servlet (use the Internet, use browsers on clients attached to the central system, or both)?
• What client devices will be used and what are the security capabilities of the browsers used on the devices?
• How will the desired protection be configured or be set up on a Web application server such as IBM^® WebSphere^® or ASF Tomcat servlet engine, and IBM HTTP Server for iSeries?
• What is the sensitivity of the data transferred between the client and server?

In developing this protection plan, refer to i5/OS™ Internet Security Scenarios: A Practical Approach^®.

The following IBM WebSphere Application Server web page and ASF Jakarta Tomcat home page may also be helpful in developing a protection plan. These pages also provide documentation on the security protection capabilities of the client devices and browsers to be used.