Anything that you can do to discourage unwanted access to your IBM i system is a good idea. So, when I heard about Port Restrictions, I immediately thought that it would be a great idea to just shut down all the unused ports on our test box.
Have you ever wondered who is connected to your system with a network connection? In these days of interconnected systems, this should be a concern for all IBM i security officers. Even if you have fully deployed firewalls and exit point security, the answer to the above question might contain some surprises.
Many IBM i shops keep the SMTP server active on their system to support host-based applications that format and send e-mail messages directly from their IBM i system. With the SMTP server active, you could leave your system open to spammers who could take over the SMTP server to relay their spam messages. This tip describes how to control SMTP relay on your system.
The classic IBM i signon screen has been around since forever. I first saw it in 1988 when I took delivery of my first AS/400 system, a lowly B10. In the old days, the appearance of the signon screen made no difference since the system was a closed system. With the advent of networks, this situation changed dramatically.
With more and more people working remotely, controlling remote access to your IBM i from 5250 terminal session users is more important than ever. More IBM i shops are opening their systems up to remote access and a terminal session exposes your system to potential abuse.