Network security options

Use this information to learn about the network level security measures that you should consider using to protect your internal resources.

When connecting to an untrusted network, your security policy must describe a comprehensive security scheme, including the security measures that you will put into effect at the network level. Installing a firewall is one of the best means of deploying a comprehensive set of network security measures.

Also, your Internet Service Provider (ISP) can and should provide an important element in your network security plan. Your network security scheme should outline what security measures your ISP will provide, such as filtering rules for the ISP router connection and public Domain Name Service (DNS) precautions.

Although a firewall certainly represents one of your main lines of defense in your total security plan, it should not be your only line of defense. Because potential Internet security risks can occur at a variety of levels, you need to set up security measures that provide multiple layers of defense against these risks.

While a firewall provides a tremendous amount of protection from certain kinds of attack, a firewall is only part of your total security solution. For instance, a firewall cannot necessarily protect data that you send over the Internet through applications such as SMTP mail, FTP, and TELNET. Unless you choose to encrypt this data, anyone on the Internet can access it as it travels to its destination.

You should strongly consider using a firewall product as your main line of defense whenever you connect your iSeries™ server or your internal network to the Internet. Although you can no longer purchase the IBM® Firewall for AS/400® product and support for the product is no longer available, there are a number of other products that you can use. See All You Need to Know When Migrating from IBM Firewall for AS/400 for detailed scenarios on different migration options.

Because commercial firewall products provide a full range of network security technologies, the JKL Toy Company has chosen to use one in their e-business security scenario to protect their network. However, their firewall does not provide any protection for their new iSeries Internet server. Consequently, they have chosen to use the iSeries Packet rules feature to create filter and NAT rules to control traffic for the Internet server.

About iSeries Packet rules

Packet filter rules let you protect your computer systems by rejecting or accepting IP packets according to criteria that you define. NAT rules allow you to hide your internal system information from external users by substituting one IP address for another, public IP address. Although IP packet filter and NAT rules are core network security technologies, they do not provide the same level of security that a fully functional firewall product does. You should carefully analyze your security needs and objectives when deciding between a complete firewall product and the iSeries packet rules feature.
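
The filter and NAT behavior described above, modeled in Python as an added example (not IBM code and not iSeries Packet rules syntax). The addresses are constructed documentation addresses, and the first-match rule order, the default deny, and applying NAT before filtering on inbound traffic are assumptions of this model.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class FilterRule:
    action: str            # "PERMIT" or "DENY"
    src_net: str           # CIDR the source address must fall in
    dst_net: str           # CIDR the destination address must fall in
    proto: str             # "tcp", "udp" or "*" for any
    dport: Optional[int]   # None matches any destination port

# Constructed sample data: public address mapped to the hidden internal server.
NAT_MAP = {"192.0.2.10": "10.1.1.5"}
RULES = [
    FilterRule("PERMIT", "0.0.0.0/0", "10.1.1.5/32", "tcp", 80),
    FilterRule("PERMIT", "0.0.0.0/0", "10.1.1.5/32", "tcp", 443),
]

def rule_matches(rule, pkt):
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src_net)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst_net)
            and rule.proto in ("*", pkt.proto)
            and rule.dport in (None, pkt.dport))

def filter_packet(rules, pkt):
    """First matching rule decides; a packet that matches no rule is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "DENY"

def handle_inbound(pkt):
    """Translate the public destination to the internal one, then filter."""
    translated = replace(pkt, dst=NAT_MAP.get(pkt.dst, pkt.dst))
    return filter_packet(RULES, translated), translated

def nat_outbound(pkt):
    """Replace the internal source with its public address so it stays hidden."""
    reverse = {private: public for public, private in NAT_MAP.items()}
    return replace(pkt, src=reverse.get(pkt.src, pkt.src))
```

A TELNET packet to the public address is denied because no rule permits port 23, which shows why the rule set should list only the services the Internet server is meant to offer.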

Review the topic Choosing iSeries network security options to help you decide which approach is right for your security needs.

Related concepts
The layered defense approach to security
Scenario: JKL Toy Company e-business plans
iSeries Packet rules
Choosing iSeries network security options
Related information
All You Need to Know When Migrating from IBM Firewall for AS/400