<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Elements of security in a TCP/IP network" />
<meta name="abstract" content="DDM and DRDA over native TCP/IP does not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different." />
<meta name="description" content="DDM and DRDA over native TCP/IP does not use i5/OS communications security services and concepts such as communications devices, modes, secure location attributes, and conversation security levels which are associated with Advanced Program-to-Program Communication (APPC). Therefore, security setup for TCP/IP is quite different." />
<meta name="DC.Relation" scheme="URI" content="rbal1secdb.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1sourcesecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1targetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1connsec.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1sslddm.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1ipsecddm.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1clearpass.htm" />
<meta name="DC.Relation" scheme="URI" content="rbal1ports.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rbal1elementsusetcp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Elements of security in a TCP/IP network</title>
</head>
<body id="rbal1elementsusetcp"><a name="rbal1elementsusetcp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Elements of security in a TCP/IP network</h1>
<div><p>DDM and DRDA<sup>®</sup> over native TCP/IP do not use <span class="keyword">i5/OS™</span> communications
security services and concepts such as communications devices, modes, secure
location attributes, and conversation security levels, which are associated
with Advanced Program-to-Program Communication (APPC). Therefore, security
setup for TCP/IP is quite different.</p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rbal1sourcesecurity.htm">Application requester security in a TCP/IP network</a></strong><br />
Different connectivity scenarios call for using different levels of authentication. Therefore, an administrator can set the lowest security authentication method required by the application requester (AR) when connecting to an application server (AS) by setting the preferred authentication method field in each RDB directory entry.</li>
<li class="ulchildlink"><strong><a href="rbal1targetsecurity.htm">Application server security in a TCP/IP network</a></strong><br />
The TCP/IP server has a default security of user ID with clear-text password. This means that, as the server is installed, inbound TCP/IP connection requests must have at least a clear-text password accompanying the user ID under which the server job is to run.</li>
<li class="ulchildlink"><strong><a href="rbal1connsec.htm">Connection security protocols for DDM and DRDA</a></strong><br />
Several connection security protocols are supported by the current <span class="keyword">DB2<sup>®</sup> UDB for iSeries™</span> implementation of distributed
data management (DDM) or Distributed Relational
Database Architecture™ (DRDA) over TCP/IP.</li>
<li class="ulchildlink"><strong><a href="rbal1sslddm.htm">Secure Sockets Layer for DDM and DRDA</a></strong><br />
DB2
Universal Database™ for <span class="keyword">iSeries™</span> Distributed
Relational Database Architecture™ (DRDA) clients do not support Secure Sockets
Layer (SSL).</li>
<li class="ulchildlink"><strong><a href="rbal1ipsecddm.htm">Internet Protocol Security Architecture for DDM and DRDA</a></strong><br />
Internet Protocol Security Architecture (IPSec) is a security protocol in the network layer that provides cryptographic security services. These services support confidential delivery of data over the Internet or intranets.</li>
<li class="ulchildlink"><strong><a href="rbal1clearpass.htm">Considerations for certain passwords being sent as clear text</a></strong><br />
Although <span class="keyword">iSeries™</span> supports
the encryption of connection passwords, one of the connection security options
you can specify in setting up an RDB directory entry is *USRIDPWD.</li>
<li class="ulchildlink"><strong><a href="rbal1ports.htm">Ports and port restrictions for DDM/DRDA</a></strong><br />
With the advent of new choices for the security of distributed
data management (DDM) communications, the <span class="keyword">iSeries™</span> server
administrator can restrict certain communications modes by blocking the ports
they use. This topic discusses some of these considerations.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rbal1secdb.htm" title="A distributed relational database administrator needs to protect the resources of the application servers in the network without unnecessarily restricting access to data by application requesters (ARs) in the network.">Elements of distributed relational database security</a></div>
</div>
</div>
</body>
</html>