IBM i5/OS Network Security Scenarios A Practical Approach

Book description

This IBM® Redbooks publication provides specific setup information for a range of Internet security scenarios. It assumes readers already know the theory and concepts behind the related topics, and aims to assist i5/OS network security administrators who need to set up any of the scenarios listed in the Table of Contents. Each scenario is a separate chapter.

Table of contents

  1. Notices
    1. Trademarks
  2. Preface
    1. The team that wrote this book
    2. Become a published author
    3. Comments welcome
  3. Chapter 1: i5/OS IP packet filtering
    1. i5/OS IP packet filtering with secure shell
      1. Scenario characteristics
      2. Scenario objectives
      3. Security policy
      4. i5/OS security functions
    2. IP packet filtering step-by-step set up
    3. Verifying the IP packet filtering implementation
    4. Tips and techniques
  4. Chapter 2: Building a DMZ with i5/OS
    1. i5/OS LPAR in DMZ
      1. Scenario characteristics
      2. Scenario objectives
      3. Security policy
      4. Firewall security functions
      5. Web application server LPAR security functions
      6. Production LPAR security functions
    2. Planning for implementation
    3. LPAR DMZ step-by-step set up
      1. Configuring the production i5/OS LPAR partition
      2. Configuring the DMZ logical partition network
    4. Verifying the DMZ implementation
    5. Tips and techniques
  5. Chapter 3: VPN connection with UDP encapsulation
    1. Scenario description
      1. Scenario objectives
      2. Scenario characteristics
      3. Software prerequisites
    2. Planning for implementation
      1. Implementation task summary
    3. Step-by-step set up guide
      1. Configuring VPN on Gateway A (initiator)
      2. Configuring VPN on Host D (responder) (1/3)
      3. Configuring VPN on Host D (responder) (2/3)
      4. Configuring VPN on Host D (responder) (3/3)
      5. Starting the VPN connection
    4. Verifying the implementation
    5. Tips and techniques
  6. Chapter 4: VPN tunnel between Linux and i5/OS
    1. i5/OS IPSec VPN responder with Linux VPN initiator
      1. Scenario characteristics
      2. Scenario objectives
      3. Security policy
      4. i5/OS security functions
    2. Planning Linux SLES10 VPN configuration
      1. Implementation task summary
    3. Linux VPN with IPSec/L2TP step-by-step set up
      1. Overview of Linux IPSec/L2TP configuration
      2. Installing the required software on SLES10
      3. Configuring IPSec on Linux
      4. Starting the Linux IPSec initiator
      5. Verifying IPSec IKE modes
      6. Configuring L2TP/PPP on Linux
      7. Starting the Linux L2TP connection
      8. Verifying the L2TP connection
      9. Stopping the Linux L2TP connection
      10. Stopping the Linux IPSec connection
    4. Tips and techniques
  7. Chapter 5: VPN connection with Windows XP clients
    1. Scenario description
      1. Scenario objectives
      2. Scenario characteristics
      3. Software prerequisites
    2. Planning for implementation
      1. Implementation task summary
    3. Step-by-step set up guide
      1. Configuring the VPN connection on the i5/OS system
      2. Verifying the system-wide VPN responding policy on the i5/OS system
      3. Configuring the L2TP profile on the i5/OS system (1/3)
      4. Configuring the L2TP profile on the i5/OS system (2/3)
      5. Configuring the L2TP profile on the i5/OS system (3/3)
      6. Configuring the VPN connection on the Windows XP system (1/2)
      7. Configuring the VPN connection on the Windows XP system (2/2)
      8. Starting the VPN server on the i5/OS system (responder)
      9. Starting the VPN connection on the Windows XP system (initiator)
    4. Verifying the implementation
      1. Verifying connectivity on the Windows XP system
      2. Verifying connectivity on the i5/OS system (1/2)
      3. Verifying connectivity on the i5/OS system (2/2)
    5. Tips and techniques
  8. Chapter 6: Password elimination using Windows 2003 KDC
    1. What is SSO?
    2. Scenario description
    3. Planning for implementation
      1. Products prerequisites
      2. Before starting
    4. Step-by-step setup guide
      1. Configuring NAS (1/4)
      2. Configuring NAS (2/4)
      3. Configuring NAS (3/4)
      4. Configuring NAS (4/4)
      5. Enabling EIM (1/4)
      6. Enabling EIM (2/4)
      7. Enabling EIM (3/4)
      8. Enabling EIM (4/4)
      9. SSO (1/2)
      10. SSO (2/2)
    5. EIM high availability
      1. Creating a master-master configuration (1/10)
      2. Creating a master-master configuration (2/10)
      3. Creating a master-master configuration (3/10)
      4. Creating a master-master configuration (4/10)
      5. Creating a master-master configuration (5/10)
      6. Creating a master-master configuration (6/10)
      7. Creating a master-master configuration (7/10)
      8. Creating a master-master configuration (8/10)
      9. Creating a master-master configuration (9/10)
      10. Creating a master-master configuration (10/10)
    6. Single sign-on tips
  9. Chapter 7: Securing Telnet for iSeries access using SSL
    1. Scenario description
    2. SSL implementation and iSeries access configuration
      1. SSL prerequisites
      2. SSL port required for iSeries access
  10. Chapter 8: Securing FTP using SSL
    1. Scenario description
    2. Planning for a secure FTP implementation
      1. Prerequisites
    3. Step-by-step set up guide for FTP server
    4. Step-by-step set up guide for FTP client (1/3)
    5. Step-by-step set up guide for FTP client (2/3)
    6. Step-by-step set up guide for FTP client (3/3)
    7. Verifying the Secure FTP
    8. Tips and techniques
  11. Chapter 9: Introduction to OpenSSH for i5/OS
    1. OpenSSH tools and files
    2. i5/OS implementation
    3. Installing the IBM Portable Utilities for i5/OS license program
    4. Example environment
    5. Additional information
  12. Chapter 10: Setting up and running the sshd daemon
    1. Setting up the sshd daemon
      1. Modifying the sshd daemon system configuration
    2. Starting the sshd daemon with Submit Job (SBMJOB)
    3. Starting the sshd daemon in a dedicated subsystem environment
  13. Chapter 11: Establishing an SSH session
    1. Preparing the user environment
      1. Creating the home directory
      2. Setting the home directory permissions
    2. Using SSH between i5/OS environments
      1. Using the ssh utility to run commands remotely
    3. Using SSH from other platforms to i5/OS
      1. Using PuTTY to establish an SSH connection to i5/OS
  14. Chapter 12: Using file transfer and public key authentication with OpenSSH
    1. Setting up public key authentication
    2. Using public key authentication with scp to transfer files
      1. Running the scp command in batch mode
    3. Exploiting public key authentication with ssh
  15. Chapter 13: Protecting traffic with SSH tunnels
    1. Setting up an SSH tunnel between i5/OS environments
    2. Setting up an SSH tunnel between a workstation and i5/OS (1/2)
    3. Setting up an SSH tunnel between a workstation and i5/OS (2/2)
    4. Automating the tunnel session start
  16. Chapter 14: Using SSH to control your HMC
    1. Setting up SSH on the HMC
    2. Setting up public key authentication
    3. Moving resources between partitions using SSH in i5/OS
  17. Related publications
    1. IBM Redbooks publications
    2. Other publications
    3. Online resources
    4. How to get IBM Redbooks publications
    5. Help from IBM
  18. Index (1/2)
  19. Index (2/2)
  20. Back cover

Product information

  • Title: IBM i5/OS Network Security Scenarios A Practical Approach
  • Author(s): Thomas Barlen, Barbara Barlocco, Fernando Hurtado, Craig Jacquez, Yessong Johng
  • Release date: December 2007
  • Publisher(s): IBM Redbooks
  • ISBN: None