friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaiw_5.4.0.1/rzaiwsecpreventaccess.htm

96 lines
6.4 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Prevent Telnet access" />
<meta name="abstract" content="If you do not plan to use the Telnet server, follow the steps in this topic to disable it. This procedure ensures that it will not be used without your knowledge." />
<meta name="description" content="If you do not plan to use the Telnet server, follow the steps in this topic to disable it. This procedure ensures that it will not be used without your knowledge." />
<meta name="DC.Relation" scheme="URI" content="rzaiwusracc.htm" />
<meta name="DC.Relation" scheme="URI" content="http://www.iana.org/" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaiwsecpreventaccess" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prevent Telnet access</title>
</head>
<body id="rzaiwsecpreventaccess"><a name="rzaiwsecpreventaccess"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prevent Telnet access</h1>
<div><p>If you do not plan to use the Telnet server, follow the steps in
this topic to disable it. This procedure ensures that it will not be used
without your knowledge.</p>
<p>If you do not want anyone to use Telnet to access your iSeries™ server,
you should prevent the Telnet server from running. To prevent Telnet access
to your iSeries,
complete these tasks.</p>
<div class="section" xml:lang="en-us" id="rzaiwsecpreventaccess__preventtelnetfstartauto"><a name="rzaiwsecpreventaccess__preventtelnetfstartauto"><!-- --></a><h4 class="sectiontitle">Prevent Telnet
from starting automatically</h4><p>To prevent Telnet server jobs from starting
automatically when you start TCP/IP, follow these steps:</p>
<ol><li>In iSeries Navigator,
expand <span class="menucascade"><span class="uicontrol">your iSeries Server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">TCP/IP</span></span>.</li>
<li>Right-click <span class="uicontrol">Telnet</span> and select <span class="uicontrol">Properties</span>.</li>
<li>Clear <span class="uicontrol">Start when TCP/IP starts</span>.</li>
</ol>
</div>
<div class="section" xml:lang="en-us" id="rzaiwsecpreventaccess__preventaccesstotelnetports"><a name="rzaiwsecpreventaccess__preventaccesstotelnetports"><!-- --></a><h4 class="sectiontitle">Prevent access
to Telnet ports</h4><p>To prevent Telnet from starting and to prevent someone
from associating a user application, such as a socket application, with the
port that the iSeries normally
uses for Telnet, follow these steps:</p>
<ol><li>In iSeries Navigator, click <span class="menucascade"><span class="uicontrol">your
iSeries Server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">Servers</span> &gt; <span class="uicontrol">TCP/IP</span></span>.</li>
<li>Right-click <span class="uicontrol">TCP/IP Configuration</span> and select <span class="uicontrol">Properties</span>.</li>
<li>In the TCP/IP Configuration Properties window, click the <span class="uicontrol">Port
Restrictions</span> tab.</li>
<li>On the Port Restrictions page, click <span class="uicontrol">Add</span>.</li>
<li>On the Add Port Restriction page, specify the following values:<ul><li><span class="uicontrol">User name</span>: Specify a user profile name that is
protected on your iSeries. (A protected user profile is a user profile
that does not own programs that adopt authority and does not have a password
that is known by other users.) By restricting the port to a specific user,
you automatically exclude all other users.</li>
<li><span class="uicontrol">Starting port</span>: <samp class="codeph">23</samp> (for non-SSL
TELNET) or <samp class="codeph">992</samp> (for SSL TELNET)</li>
<li><span class="uicontrol">Ending port</span>: <samp class="codeph">23</samp> (for non-SSL
TELNET) or <samp class="codeph">992</samp> (for SSL TELNET)</li>
<li><span class="uicontrol">Protocol</span>: TCP</li>
</ul>
<div class="note"><span class="notetitle">Note:</span> These port numbers are specified in the Work with
Service Table Entries (WRKSRVTBLE) table under .Telnet-ssl. They might be
mapped to ports other than 23 and 992. Repeat this process for each port that
you want to restrict. The Internet Assigned Numbers Authority (IANA) provides
information about common port number assignments.</div>
</li>
<li>Click <span class="uicontrol">OK</span> to add the restriction.</li>
<li>On the Port Restrictions page, click <span class="uicontrol">Add</span> and repeat
the procedure for the User Datagram Protocol (UDP) protocol.</li>
<li>Click <span class="uicontrol">OK</span> to save your port restrictions and to
close the TCP/IP Configuration Properties window.</li>
<li>The port restriction takes effect the next time that you start TCP/IP.
If TCP/IP is active when you set the port restrictions, you should end TCP/IP
and start it again.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaiwusracc.htm" title="This topic provides procedures for securing Telnet on your server.">Telnet security</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="http://www.iana.org/" target="_blank">Internet Assigned Numbers Authority (IANA)</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink