Generally, computerized companies
have web servers, FTP, files sharing solutions... As daemons are
listening application servers, they are likely to be attacked so
these critical points need to be secured. An uncontrolled application
server may become a Trojan horse. Some daemons implementations such
as files sharing, FTP server, etc. expose whole or part of the company's
file tree - it implies that an object-oriented security and its
periodic follow-up have to be configured.
IPLS, whose platform and monitors
sending and reception flows (orders, invoices, etc.), i.e. the customer'
critical operations, took the problem at his source. "As TBT/400
never exposes machine's file tree, it exempts from implementing
the object-oriented security." It still remains the common
risk to all daemons : identity usurpation. What maximum damage,
how to detect it and how to cure it? "TBT/400 answers it with
its concept of dynamic files (no crushed risk), destructive reading
(faster detection in case of usurped access) and by alerts management
(log, syslog, exit, mail, sms)".
Level 1 : administration
of a network security
2 : Genesis
3 : basic principles of network security in IP environment
4 : what is necessary to do or not to do
5 : how automated files exchange can be integrated into this architecture...