ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiq_5.4.0.1/rzaiqreq.htm

80 lines
5.2 KiB
HTML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Prepare for anonymous File Transfer Protocol" />
<meta name="abstract" content="You might need to know how to set up your anonymous File Transfer Protocol (FTP) and ensure the security of your FTP." />
<meta name="description" content="You might need to know how to set up your anonymous File Transfer Protocol (FTP) and ensure the security of your FTP." />
<meta name="DC.Relation" scheme="URI" content="rzaiqftpanon.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaiqextprog.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiqreq" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prepare for anonymous File Transfer Protocol</title>
</head>
<body id="rzaiqreq"><a name="rzaiqreq"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prepare for anonymous File Transfer Protocol</h1>
<div><p> You might need to know how to set up your anonymous File Transfer
Protocol (FTP) and ensure the security of your FTP.</p>
<div class="section"><h4 class="sectiontitle">Skill requirements</h4><p>To set up anonymous FTP, you
need the following skills:</p>
<ul><li>Familiarity with the iSeries™ character-based interface and commands with
multiple parameters and keywords.</li>
<li>Ability to create libraries, members, and source physical files on your iSeries (you
should have at least *SECOFR authority).</li>
<li>Ability to assign authorities to libraries, files, members, and programs.</li>
<li>Ability to write, change, compile, and test programs on your iSeries server.</li>
</ul>
</div>
<div class="section"><h4 class="sectiontitle">Security considerations</h4><p>The first step in implementing
anonymous FTP is to define your anonymous FTP server site policy. This plan
defines the FTP site security and determines how to code your exit programs.
Because the FTP server will allow anyone to access your data, you must carefully
consider how you want it to be used, and what data must be protected.</p>
<p>Review the following guidelines for your FTP site policy plan:</p>
<ul><li>Use a firewall between your iSeries server and the Internet.</li>
<li>Use a non-production iSeries for your FTP server.</li>
<li>Do not attach the FTP server to the rest of your company's LANs or WANs.</li>
<li>Use FTP exit programs to secure access to the FTP server.</li>
<li>Test FTP exit programs to ensure that they do not contain security loopholes.</li>
<li>Do not allow anonymous FTP users to have read and write access to the
same directory. This permits the anonymous user to be untraceable on the Internet.</li>
<li>Allow ANONYMOUS access only. Do not allow any other userids and do not
authenticate passwords.</li>
<li>Restrict ANONYMOUS access to one public library or directory only. (Where
will it be? What will you call it?)</li>
<li>Place only public access files in the public library or directory.</li>
<li>Restrict ANONYMOUS users to 'view' and 'retrieve' subcommands only (get,
mget). <span class="uicontrol">Do not under any circumstances allow ANONYMOUS users to
use CL commands.</span></li>
<li>Log all access to your iSeries FTP server.</li>
<li>Review FTP server logs daily or weekly for possible attacks.</li>
<li>Verify that the FTP server registers the correct exit programs once a
month.</li>
<li>Test the FTP server for security holes once a month.</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiqftpanon.htm" title="Anonymous File Transfer Protocol (FTP) enables remote users to use the FTP server without an assigned user ID and password.">Configure anonymous File Transfer Protocol</a></div>
<div class="nextlink"><strong>Next topic:</strong> <a href="rzaiqextprog.htm" title="To use anonymous File Transfer Protocol (FTP), you need to write two exit programs: FTP Server Logon exit program and FTP Server Request Validation exit program.">Write exit programs for anonymous File Transfer Protocol</a></div>
</div>
</div>
</body>
</html>