friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6290434003
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpsecdialout.htm

86 lines
5.5 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Secure dial-out sessions" />
<meta name="abstract" content="Users on your iSeries system might want to establish dial-out connections to systems that require user validation." />
<meta name="description" content="Users on your iSeries system might want to establish dial-out connections to systems that require user validation." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpslip.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpsecdialout" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Secure dial-out sessions</title>
</head>
<body id="tcpsecdialout"><a name="tcpsecdialout"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Secure dial-out sessions</h1>
<div><p>Users on your iSeries™ system might want to establish dial-out connections
to systems that require user validation.</p>
<div class="section"> The connection dialog script on your iSeries server must send a user ID and
a password to the remote system. iSeries servers provide a secure method
for storing that password. The password does not need to be stored in the
connection dialog script.<div class="note"><span class="notetitle">Note:</span> <ol><li>your system decrypts the password before sending it. SLIP passwords, like
FTP and TELNET passwords, are sent unencrypted (“in the clear”). However,
unlike with FTP and TELNET, the SLIP password is sent before the systems establish
TCP/IP mode. </li>
<li>Because SLIP uses a point-to-point connection in asynchronous mode, the
security exposure when sending unencrypted passwords is different from the
exposure with FTP and TELNET passwords. Unencrypted FTP and TELNET passwords
might be sent as IP traffic on a network and are, therefore, vulnerable to
electronic sniffing. The transmission of your SLIP password is as secure as
the telephone connection between the two systems. 2. The default file for
storing SLIP connection dialog scripts is QUSRSYS/QATOCPPSCR. The public authority
for this file is *USE, which prevents public users from changing the default
connection dialog scripts.</li>
</ol>
</div>
When you create a connection profile for a remote session that
requires validation, do the following:</div>
<ol><li><span>Ensure that the Retain Server Security Data (QRETSVRSEC) system
value is 1 (Yes). This system value determines whether you will allow passwords
that can be decrypted to be stored in a protected area on your system.</span></li>
<li><span>Use the WRKTCPPTP command to create a configuration profile that
has the following characteristics:</span><ol type="a"><li class="substepexpand"><span>For the mode of the configuration profile, specify *DIAL.</span></li>
<li class="substepexpand"><span>For the Remote service access name, specify the user ID that
the remote system expects. For example, if you are connecting to another iSeries server,
specify the user profile name on that iSeries server.</span></li>
<li class="substepexpand"><span>For the Remote service access password, specify the password
that the remote system expects for this user ID. On your iSeries server,
this password is stored in a protected area in a form that can be decrypted.
The names and passwords that you assign for configuration profiles are associated
with the QTCP user profile. The names and passwords are not accessible with
any user commands or interfaces. Only registered system programs can access
this password information.</span> <div class="note"><span class="notetitle">Note:</span> Keep in mind that the passwords
for your connection profiles are not saved when your save the TCP/IP configuration
files. To save SLIP passwords, you need to use the Save Security Data (SAVSECDTA)
command to save the QTCP user profile.</div>
</li>
<li class="substepexpand"><span>For the connection dialog script, specify a script that sends
the user ID and password. The system ships with several sample dialog scripts
that provide this function. When the system runs the script, the system retrieves
the password, decrypts it, and sends it to the remote system.</span></li>
</ol>
</li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpslip.htm" title="TCP/IP support includes Serial Interface Line Protocol (SLIP).">Security considerations for using SLIP</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink