IP Security
After choosing an Internet Service Provider (ISP) and setting up your Internet
connection, you will also need to create and implement a security policy. Such a
policy can be used to incorporate the rules governing computer resources and
communications resources within your organization. The inherent security features
of AS/400, when properly configured, provide you with the ability to minimize many
risks. However, when you connect to the Internet, you should consider additional
security measures to further ensure the safety of your AS/400 system and your
network.
The first step in developing a security policy is to understand the risks that
are imposed by each service you intend to use or provide. Once you have identified
these risks and created a security policy in response to them, you will be prepared
to take the necessary steps to enforce it. These steps may include, for example,
employee training and the purchase of additional hardware or software.
As you create a security policy and outline security objectives for your organization,
the following resources may be helpful:
- The book Tips and Tools for Securing Your AS/400, SC41-5300-03
- The AS/400e Information Center offers a list of current topics about using the
  Internet. Look there for information about IP packet filtering and network address
  translation (NAT). It is located at the following URL address:
  http://publib.boulder.ibm.com/html/as400/infocenter.html
Classes of Networks
Each internet address consists of a pair of numbers: its network address, or
network ID, and its host address, or host ID. The network ID represents the
network within the internet, and the host ID specifies an individual host or
router within the network.
internet address = <network ID><host ID>
The value of the first byte of the Internet address specifies how the Internet address
should be separated into its network and host part, as shown in Table 1. The 4-byte
address is divided between network ID and host ID in five different ways or classes.
The five classes of Internet addresses are: A, B, C, D, and E. Also shown is the
maximum number of hosts per network for each class.
Table 1. Classes of Networks

Network Class  Range of First Byte  Network ID     Host ID       Maximum Number of Hosts per Network Class
-------------  -------------------  -------------  ------------  -----------------------------------------
Class A        0 to 127 (1)         First byte     Last 3 bytes  16 777 214
Class B        128 to 191           First 2 bytes  Last 2 bytes  65 534
Class C        192 to 223           First 3 bytes  Last byte     254
Class D        224 to 239           Multicast
Class E (2)    240 to 255           Reserved for future use
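
The split described by Table 1 can be expressed in code. The following is an added example, not part of the original manual; the function name classify and the sample addresses are assumptions chosen for illustration. It validates a dotted-decimal address, selects the class from the first byte, and derives the network ID, the host ID and the maximum number of hosts.

```python
import ipaddress

# (class, lowest first byte, highest first byte, bytes in the network ID),
# taken from Table 1. None means the class has no network ID / host ID split.
CLASSES = [
    ("A", 0, 127, 1),
    ("B", 128, 191, 2),
    ("C", 192, 223, 3),
    ("D", 224, 239, None),  # multicast
    ("E", 240, 255, None),  # reserved for future use
]


def classify(address):
    """Return class, network ID, host ID and maximum hosts for an address."""
    # IPv4Address raises ValueError for malformed or out-of-range input,
    # so untrusted strings never reach the class lookup.
    packed = ipaddress.IPv4Address(address).packed
    first = packed[0]
    for name, low, high, net_bytes in CLASSES:
        if low <= first <= high:
            break
    if net_bytes is None:
        return {"class": name, "network_id": None,
                "host_id": None, "max_hosts": None}
    host_bits = 8 * (4 - net_bytes)
    return {
        "class": name,
        "network_id": ".".join(str(b) for b in packed[:net_bytes]),
        "host_id": ".".join(str(b) for b in packed[net_bytes:]),
        # The all-zeros and all-ones host IDs are not assignable to hosts.
        "max_hosts": 2 ** host_bits - 2,
    }


if __name__ == "__main__":
    # Constructed sample addresses, one per class A to D.
    for sample in ("9.5.7.1", "172.16.4.9", "192.168.1.20", "224.0.0.5"):
        print(sample, classify(sample))
```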
4 OS/400 TCP/IP Configuration and Reference V4R4