PowerWire.eu

Independent IBM i, AIX and Linux news and tech tips for Europe and beyond

  • Home
  • News
  • Technical Articles
    • IBM i
    • AIX
    • Linux
    • VIOS
  • Subscribe
  • About Us
  • Contact Us
  • Advertise with PowerWire.eu

Finding Non-Encrypted Connections to your IBM i

February 4, 2021 by Steve Bradshaw Leave a Comment

Connecting securely to our systems is more important now than ever before and this is just as true for IBM i as any other platform.  As I’m sure you know you can encrypt your connections to IBM i at no extra cost and there have been many articles written on how to set this up.

What is not so widely written about is how to tell what connections to your system are NOT ENCRYPTED.   

Using an IBM i service to list Non-Encrypted links:

In this example I have created a simple piece of SQL that uses and IBM i Service to list all the encrypted ports on my system, so anything else must therefore be unencrypted.

select *

  from qsys2.netstat_job_info

  where local_port not in

        (9470, 9471, 9472, 9473, 9474, 9475, 9476, 448, 2005, 2010, 5544, 5566, 5577, 992, 22, 9480, 942)

        and Local_Address <> (‘127.0.0.1’)

        and Local_Address not like (‘::%’)

        and Local_Address <> (‘0.0.0.0’)

ProTip: If you have a custom job that runs encrypted on your system you simply add it to the list of ports in the “where local_port not in” clause. 

It’s amazing just how many new connection types can sneak on to your system, and not all of them are encrypted!  I ran this on one of my test servers and was quickly reminded that someone had started up the ftp service and not locked it some to encrypted only.

If you want to know more about what ports are open on your server, then I’d start here on the IBM website but remember as you add new workloads (especially ones you’ve created yourself) then you will need to add these ports in to your audit.

https://www.ibm.com/support/pages/tcpip-ports-required-ibm-i-access-and-related-functions

i-UG goes Hybrid

We are returning to the Mount Hotel in my home town of Wolverhampton for another Hybrid event on the 18th March, we hope to see you there.
For more details check out  www.i-ug.co.uk

Related Posts

  • An Ansible Environment Setup
  • An Ansible IBM i Disk CheckerAn Ansible IBM i Disk Checker
  • WRKRDBDIRE part 2 – MYSELF and DDMDRDAWRKRDBDIRE part 2 – MYSELF and DDMDRDA
  • A screen a story – IBM i 7.5 – Set Subsystem RoutingA screen a story – IBM i 7.5 – Set Subsystem Routing
  • LFTP on IBM iLFTP on IBM i
  • Dot Files on IBM iDot Files on IBM i

Filed Under: IBM i, Technical Articles Tagged With: IBM i, IBM Power Systems

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Free monthly newsletter signup

News

Bring Power to the cloud with Northdoor and Skytap

For organisations that run their x86 workloads on Azure, Skytap offers the ability to bring IBM Power … [Read More...]

An Ansible Environment Setup

Firstly, thank-you to all those who attended my Ansible workshop and presentation of Visual Studio Code at the … [Read More...]

Remain Software Milestone 3

NIEUWEGEIN, Netherlands — Today Remain Software is pleased to announce the third Milestone of TD/OMS V14 and … [Read More...]

More articles from this section

Quick Links

  • Advertise
  • Subscribe

Follow Us…

  • Email
  • LinkedIn
  • Twitter

Search This Website

Copyright © 2022 · Cue Communications · All Rights Reserved

Log in