<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Transmission security options" />
<meta name="abstract" content="Use this information to learn about the security measures that you can use to protect your data as it flows across an untrusted network, such as the Internet. Learn more about security measures for using the Secure Sockets Layer (SSL), iSeries Access Express, and Virtual Private Network (VPN) connections." />
<meta name="description" content="Use this information to learn about the security measures that you can use to protect your data as it flows across an untrusted network, such as the Internet. Learn more about security measures for using the Secure Sockets Layer (SSL), iSeries Access Express, and Virtual Private Network (VPN) connections." />
<meta name="DC.Relation" scheme="URI" content="rzaj4secoverview.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45bydigitalcerts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45zxaddingvpn.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj40a0internetsecurity.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45lbasiccorpusage.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/unix9.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45bydigitalcerts.htm" />
<meta name="DC.Relation" scheme="URI" content="rzaj45zxaddingvpn.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1999, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzaj45zhcryptointro" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Transmission security options</title>
</head>
<body id="rzaj45zhcryptointro"><a name="rzaj45zhcryptointro"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Transmission security options</h1>
<div><p><span>Use this information to learn about
the security measures that you can use to protect your data as it flows across
an untrusted network, such as the Internet. Learn more about security measures
for using the Secure Sockets Layer (SSL), iSeries™ Access Express, and Virtual Private
Network (VPN) connections.</span></p>
<p>Remember that the JKL Toy Company scenario has two primary iSeries systems.
They use one for development and the other for production applications. Both
of these systems handle mission-critical data and applications. Consequently,
they chose to add a new iSeries system on a perimeter network to handle their
intranet and Internet applications.</p>
<p>Establishing a perimeter network ensures that they have some physical separation
between their internal network and the Internet. This separation decreases
the Internet risks to which their internal systems are vulnerable. By designating
the new iSeries server as an Internet server only, the company also decreases
the complexity of managing their network security.</p>
<p><img src="./delta.gif" alt="Start of change" />Because of the pervasive need for security in an Internet environment, IBM<sup>®</sup> is
continually developing security offerings to ensure a secure networking environment
for conducting e-business on the Internet. In an Internet environment, you
must ensure that you provide both system-specific and application-specific
security. However, moving confidential information through a company intranet
or across an Internet connection further increases the need to enact stronger
security solutions. To combat these risks, you should put security measures
into effect that protect the transmission of data while it travels over the
Internet.<img src="./deltaend.gif" alt="End of change" /></p>
<p>You can minimize the risks associated with moving information across untrusted
systems with two specific transmission-level security offerings for iSeries: Secure
Sockets Layer (SSL) secure communications and Virtual Private Networking (VPN)
connections.</p>
<p><strong><a href="../rzain/rzainoverview.htm">Securing applications with SSL</a></strong></p>
<p>The Secure Sockets Layer (SSL) protocol is a de facto industry standard
for securing communication between clients and servers. SSL was originally
developed for web browser applications, but an increasing number of other
applications are now able to use SSL. For iSeries server, these include:</p>
<ul><li>IBM HTTP Server for iSeries (original and powered by Apache)</li>
<li>FTP server</li>
<li>Telnet server</li>
<li>Distributed relational database architecture (DRDA<sup>®</sup>) and distributed data management
(DDM) server</li>
<li>Management Central in iSeries Navigator</li>
<li>Directory Services Server (LDAP)</li>
<li>iSeries Access Express applications, including iSeries Navigator, and applications that
are written to the iSeries Access Express set of application programming
interfaces (APIs)</li>
<li>Programs developed with Developer Kit for Java™ and client applications that use IBM Toolkit
for Java</li>
<li>Programs developed with Secure Sockets Layer (SSL) application programming
interfaces (APIs), which can be used to enable SSL on applications. See the
Secure Sockets Layer APIs for more information about how to write programs
that use SSL.</li>
</ul>
<p>Several of these applications also support the use of digital certificates
for client authentication. SSL relies on digital certificates to authenticate
the communication parties and to create a secure connection.</p>
<p><strong><a href="../rzaja/rzajagetstart.htm">iSeries Virtual Private Networking (VPN)</a></strong></p>
<p>You can use VPN connections on your iSeries system to establish a secure
communications channel between two endpoints. Like an SSL connection, the
data that travels between the endpoints can be encrypted, thereby providing
both data confidentiality and data integrity. VPN connections, however, allow
you to limit the traffic flow to the endpoints that you specify and to restrict
the type of traffic that can use the connection. Therefore, VPN connections
provide some network-level security by helping you to protect your network
resources from unauthorized access.</p>
<p><strong>Which method should you use?</strong></p>
<p><img src="./delta.gif" alt="Start of change" />Both of these security methods address the need for secure authentication,
data confidentiality, and data integrity. Which of these methods you should
use depends on several factors. Factors to consider are who you are communicating
with, what applications you use to communicate with them, how secure you need
the communication to be, and what trade-offs in cost and performance you are
willing to make to secure this communication.<img src="./deltaend.gif" alt="End of change" /></p>
<p><img src="./delta.gif" alt="Start of change" />Also, if you want to use a specific application with SSL, that
application must be set up to use SSL. Although many applications cannot take
advantage of SSL yet, many others, like Telnet and iSeries Access Express, have added SSL
capability. VPNs, however, allow you to protect all IP traffic that flows
between specific connection endpoints.<img src="./deltaend.gif" alt="End of change" /></p>
<p><img src="./delta.gif" alt="Start of change" />For example, you may currently use HTTP over SSL
to allow a business partner to communicate with a Web server on your internal
network. If the Web server is the only secure application that you need between
you and your business partner, then you may not want to switch to a VPN connection.
However, if you want to expand your communications, you may want to use a
VPN connection instead. Also, you may have a situation in which you need to
protect traffic in a portion of your network, but you do not want to individually
configure each client and server to use SSL. You might create a gateway-to-gateway
VPN connection for that portion of the network. This would secure the traffic,
but the connection is transparent to individual servers and clients on either
side of the connection.<img src="./deltaend.gif" alt="End of change" /></p>
</div>
<div>
<ul class="ullinks">
<li class="ulchildlink"><strong><a href="rzaj45bydigitalcerts.htm">Using digital certificates for SSL</a></strong><br />
Digital certificates provide the foundation for using the Secure Sockets Layer (SSL) for secure communications and as a stronger means of authentication.</li>
<li class="ulchildlink"><strong><a href="rzaj45zxaddingvpn.htm">Virtual Private Networks (VPN) for secure private communications</a></strong><br />
You can use a Virtual Private Network (VPN) to communicate privately and securely within your organization.</li>
</ul>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzaj4secoverview.htm" title="Accessing the Internet from your LAN is a major step in the evolution of your network that will require you to reassess your security requirements.">iSeries and Internet security</a></div>
</div>
<div class="relconcepts"><strong>Related concepts</strong><br />
<div><a href="rzaj40a0internetsecurity.htm" title="Your security policy defines what you want to protect and what you expect of your system users.">The layered defense approach to security</a></div>
<div><a href="rzaj45lbasiccorpusage.htm" title="Describes a typical business, the JKL Toy Company which has decided to expand its business objectives by using the Internet. Although the company is fictitious, their plans for using the Internet for e-business and their resulting security needs are representative of many real world company situations.">Scenario: JKL Toy Company e-business plans</a></div>
<div><a href="rzaj45bydigitalcerts.htm" title="Digital certificates provide the foundation for using the Secure Sockets Layer (SSL) for secure communications and as a stronger means of authentication.">Using digital certificates for SSL</a></div>
<div><a href="rzaj45zxaddingvpn.htm" title="You can use a Virtual Private Network (VPN) to communicate privately and securely within your organization.">Virtual Private Networks (VPN) for secure private communications</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="../apis/unix9.htm">Secure Sockets Layer APIs</a></div>
</div>
</div>
</body>
</html>