PowerWire.eu

Independent IBM i, AIX and Linux news and tech tips for Europe and beyond

  • Home
  • News
  • Technical Articles
    • IBM i
    • AIX
    • Linux
    • VIOS
  • Subscribe
  • About Us
  • Contact Us
  • Advertise with PowerWire.eu

Finding Non-Encrypted Connections to your IBM i

February 4, 2021 by Steve Bradshaw Leave a Comment

Connecting securely to our systems is more important now than ever before and this is just as true for IBM i as any other platform.  As I’m sure you know you can encrypt your connections to IBM i at no extra cost and there have been many articles written on how to set this up.

What is not so widely written about is how to tell what connections to your system are NOT ENCRYPTED.   

Using an IBM i service to list Non-Encrypted links:

In this example I have created a simple piece of SQL that uses and IBM i Service to list all the encrypted ports on my system, so anything else must therefore be unencrypted.

select *

  from qsys2.netstat_job_info

  where local_port not in

        (9470, 9471, 9472, 9473, 9474, 9475, 9476, 448, 2005, 2010, 5544, 5566, 5577, 992, 22, 9480, 942)

        and Local_Address <> (‘127.0.0.1’)

        and Local_Address not like (‘::%’)

        and Local_Address <> (‘0.0.0.0’)

ProTip: If you have a custom job that runs encrypted on your system you simply add it to the list of ports in the “where local_port not in” clause. 

It’s amazing just how many new connection types can sneak on to your system, and not all of them are encrypted!  I ran this on one of my test servers and was quickly reminded that someone had started up the ftp service and not locked it some to encrypted only.

If you want to know more about what ports are open on your server, then I’d start here on the IBM website but remember as you add new workloads (especially ones you’ve created yourself) then you will need to add these ports in to your audit.

https://www.ibm.com/support/pages/tcpip-ports-required-ibm-i-access-and-related-functions

i-UG goes Hybrid

We are returning to the Mount Hotel in my home town of Wolverhampton for another Hybrid event on the 18th March, we hope to see you there.
For more details check out  www.i-ug.co.uk

Filed Under: IBM i, Technical Articles Tagged With: IBM i, IBM Power Systems

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Free monthly newsletter signup

News

A screen a story – Not our problem anymore

Last week I ran into an issue, which did teach me something new about the command WRKPRB. After checking a … [Read More...]

Raspberry Pi and Machine Learning

In my last article, I demonstrated how I used Machine Learning on the Raspberry Pi to determine if a … [Read More...]

Shield Advanced Solutions – new Messaging and Monitoring solutions

September 2022 – Toronto As Shield Advanced Solutions celebrates the significant milestone, 25 years of … [Read More...]

More articles from this section

Quick Links

  • Advertise
  • Subscribe

Follow Us…

  • Email
  • LinkedIn
  • Twitter

Search This Website

Copyright © 2023 · Cue Communications · All Rights Reserved

Log in