Kisco Systems


TELNET on IBM i


All of the system values shown in this blog post can be accessed at the same time using the following command (Work With System Values):

WRKSYSVAL SYSVAL(*SYSCTL)

You can also edit these system values in Nav.

The easiest way to control access through a network service is simply to shut off the server function if you don't need it. But you probably need TELNET, especially if you're running terminal sessions.

To establish control over how TELNET sessions are issued you can:

  • Turn off automatic configuration of virtual devices (QPADEVnnnn sessions)
    • Set system value QAUTOVRT to zero
    • You might want to check for active sessions before doing this

  • Deactivate automatic device configuration. Otherwise a user can configure a new device name just by using it in a new configuration.
    • Set system value QAUTOCFG to zero

  • Manually remove existing QPADEVnnnn sessions
    • CFGVRT menu option #3; or
    • run WRKDEVD DEVD(*VRTDSP)

  • Check on system value QAUTORMT, which is used to automatically create remote controller devices

For even more control use the TELNET exit point in the OS.

Our exit point firewall, SafeNet/i, can be used to lock down TELNET.

TELNET for SSL

The default TELNET configuration transmits data as open text when used for remote system access. You should encrypt that data stream. You can do this with SSL.

Server Configuration:
You must have the following options installed in the OS:

  • OPTION 34 Digital Certificate Manager (DCM)
  • HTTP Server Functions

This process will require you to set up a self-issued digital certificate on your system and then assign it to several applications, including TELNET.

After configuring DCM, update the TELNET attributes (command CHGTELNA).

Set the Allow Secure Socket Layer (ALWSSL) parameter to *YES. This will allow both SSL and non-SSL Telnet connections. Once you are satisfied with the way the SSL connection is working, you can consider changing this setting to *ONLY, which will then refuse non-SSL connection attempts.

You can also configure TELNET settings in Nav.

Client Configuration:
Update Client Access configuration on the desktop. This process imports the certificate you created and reconfigures the terminal session to use SSL.

Using ACS, create a terminal session. When the session has been created, select the Configuration option under the Communications drop down menu to update the protocols. Note that when the Protocol is changed to "Telnet - TLS/SSL", the "Destination Port" will be changed to 992. Click on OK and the session configuration change will be set correctly. Make sure that you now save it.
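Once ALWSSL is set, you can confirm from a workstation what the server actually accepts. The script below is an added example, not Kisco or IBM code. It assumes the non-SSL TELNET server is on the standard port 23 and takes the host name and an optional PEM file with the CA certificate exported from DCM as arguments (both supplied by you).

```python
import socket
import ssl
import sys

PLAIN_PORT = 23   # standard TELNET port (assumption: server uses the default)
TLS_PORT = 992    # destination port the page gives for "Telnet - TLS/SSL"

def tcp_open(host, port, timeout=3.0):
    """True if a plain TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_probe(host, port, cafile=None, timeout=3.0):
    """Return 'tls-verified', 'tls-untrusted' or 'no-tls' for host:port.

    cafile: PEM file holding the CA certificate exported from DCM
    (hypothetical path supplied by the caller). Without it the platform
    trust store is used and a self-issued certificate reports as
    'tls-untrusted'.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "tls-verified"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"   # TLS is spoken, but chain or name did not validate
    except OSError:              # refused, timed out, or not a TLS endpoint
        return "no-tls"

def assess(plain_open, tls_state):
    """Map the two observations to the ALWSSL behaviour described above."""
    if tls_state == "no-tls":
        return "plaintext only" if plain_open else "TELNET not reachable"
    if plain_open:
        return "ALWSSL(*YES) behaviour: SSL and non-SSL both accepted"
    return "ALWSSL(*ONLY) behaviour: non-SSL refused"

if __name__ == "__main__":
    host = sys.argv[1]                       # IBM i host name or address
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    plain, tls = tcp_open(host, PLAIN_PORT), tls_probe(host, TLS_PORT, cafile)
    print(f"port {PLAIN_PORT} open: {plain}; port {TLS_PORT}: {tls}")
    print(assess(plain, tls))
```

A result of 'tls-untrusted' means the client did not validate the certificate, so check that the CA file matches what was imported on the desktop and that the host name matches the certificate.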
