ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvriskaccessdir.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Risk: Access to system directories through mapped drives" />
<meta name="abstract" content="This topic describes security risks to system directories and provides recommendations for reducing these risks." />
<meta name="description" content="This topic describes security risks to system directories and provides recommendations for reducing these risks." />
<meta name="DC.Relation" scheme="URI" content="rzamvsecurityinternet.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="riskaccessdir" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Risk: Access to system directories through mapped drives</title>
</head>
<body id="riskaccessdir"><a name="riskaccessdir"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Risk: Access to system directories through mapped drives</h1>
<div><p>This topic describes security risks to system directories and provides
recommendations for reducing these risks.</p>
<p>Assume that a PC is connected to your server with an IBM<sup>®</sup> iSeries™ Access
for Windows<sup>®</sup> session.
The session set up mapped drives to link to the system's integrated file system.
For example, the PC’s <span class="filepath">G</span> drive might map to the integrated
file system of the SYSTEM1 server in the network.</p>
<p>Now assume that the same PC user has a browser and can access the Internet.
The user requests a Web page that runs a mischievous <span class="q">"program"</span> such as
a Java™ applet
or an Active-X control. Conceivably, the program could attempt to erase everything
on the PC’s <span class="filepath">G</span> drive.</p>
<div class="p">You have several protections against damage to mapped drives:<ul><li>Your most important protection is resource security on your server. The Java applet
or Active-X control looks to the server like the user who established the
PC session. You need to carefully manage what each PC user is authorized
to do on your server.</li>
<li>Advise your PC users to set their browsers to prevent attempts to access
mapped drives. This works for Java applets but not for Active-X controls.</li>
<li>Educate your users about the dangers of being connected to your server
and the Internet in the same session. Also, make sure your PC users understand
that drives remain mapped even when the iSeries Access session appears to be
ended.</li>
</ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvsecurityinternet.htm" title="Use this information to learn about common security threats from using Internet browsers.">Security considerations for internet browsers</a></div>
</div>
</div>
</body>
</html>