Developing an Internet protection program
Because user authentication of iSeries™ Navigator for Wireless takes place over the Internet, you should develop an Internet protection program to protect authentication information.
Because the iSeries Navigator for Wireless servlet needs to obtain the user ID of the remote user, the Web application server needs to be configured or set up to authenticate the user. The servlet uses this user ID to communicate with Management Central. Because this authentication can take place over the Internet, a protection plan is necessary to protect the authentication information (user ID and password).
Also, the data that is transferred between the client and the server contains systems management information. An analysis should be done to determine the level of protection you require for this data. The following questions need to be considered in developing this plan.
- What services will be used to access the servlet (use the Internet, use browsers on clients attached to the central system, or both)?
- What client devices will be used and what are the security capabilities of the browsers used on the devices?
- How will the desired protection be configured or be set up on a Web application server, such as IBM® WebSphere® Application Server, Apache Software Foundation (ASF) Tomcat servlet engine, and IBM HTTP Server for i5/OS®?
- What is the sensitivity of the data transferred between the client and server?
When developing a protection plan, refer to AS/400® Internet Security Scenarios: A Practical Approach. The IBM WebSphere Application Server Web page and ASF Jakarta Tomcat home page might also be helpful in developing a protection plan. These pages also provide documentation on the security protection capabilities of the client devices and browsers to be used.
Parent topic:
Setting up iSeries Navigator for Wireless
Related information
AS/400 Internet Security Scenarios: A Practical Approach IBM WebSphere Application Server ASF Jakarta Tomcat