IP Security
After choosing an Internet Service Provider (ISP) and setting up your Internet
connection, you will also need to create and implement a security policy. Such a
policy can be used to incorporate the rules governing computer resources and
communications resources within your organization. The inherent security features
of AS/400, when properly configured, provide you with the ability to minimize many
risks. However, when you connect to the Internet, you should consider additional
security measures to further ensure the safety of your AS/400 system and your
network.
The first step in developing a security policy is that you understand the risks that
are imposed by each service you intend to use or provide. Once you have identified
these risks and created a security policy in response to them, you will be prepared
to take the necessary steps to enforce them. Toname a few, these steps may
include employee training and the purchase of additional hardware or software.
As you create a security policy and outline security objectives for your organization,
the following resources may be helpful:
vThe book,
Tips and Toolsfor Securing Your AS/400
, SC41-5300-03
vThe
AS/400e Information Center
offers a list of current topics about using the
Internet. Look there for information about IP packet filtering and network address
translation (NAT). It is located at the following URLaddress:
http://publib.boulder.ibm.com/html/as400/infocenter.html
Classes of Networks
Each internet address is comprised of a pair of numbers that correspond to its
network address, or network ID and host address, or host ID. The network ID
represents the network within the internet, and the host ID specifies an individual
host or router within the network.
internet address = <network ID><host ID>
The value of the first byte of the Internet address specifies how the Internet address
should be separated into its network and host part, as shown in Table1. The 4-byte
address is divided between network ID and host ID in five different ways or classes.
The five classes of Internet addresses are: A, B, C, D, and E.Also shown is the
maximum number of hosts per network for each class.
Table1. Classes of Networks
Network Class Range of First
Byte Network ID Host ID
Maximum Number
of Hosts per
Network Class
ClassA 0to 127
1
First byte Last 3
bytes 16 777 214
Class B 128 to 191 First 2 bytes Last2
bytes 65 534
Class C 192to 223 First 3 bytes Lastbyte 254
Class D 224to 239 Multicast
Class E
2
240 to 255 Reservedfor future
use
4OS/400 TCP/IPConfiguration and Reference V4R4
|
|
|
|
|