PowerWire.eu

Independent IBM i, AIX and Linux news and tech tips for Europe and beyond

  • Home
  • News
  • Technical Articles
    • IBM i
    • AIX
    • Linux
    • VIOS
  • Subscribe
  • About Us
  • Contact Us
  • Advertise with PowerWire.eu

Finding Non-Encrypted Connections to your IBM i

February 4, 2021 by Steve Bradshaw Leave a Comment

Connecting securely to our systems is more important now than ever before and this is just as true for IBM i as any other platform.  As I’m sure you know you can encrypt your connections to IBM i at no extra cost and there have been many articles written on how to set this up.

What is not so widely written about is how to tell what connections to your system are NOT ENCRYPTED.   

Using an IBM i service to list Non-Encrypted links:

In this example I have created a simple piece of SQL that uses and IBM i Service to list all the encrypted ports on my system, so anything else must therefore be unencrypted.

select *

  from qsys2.netstat_job_info

  where local_port not in

        (9470, 9471, 9472, 9473, 9474, 9475, 9476, 448, 2005, 2010, 5544, 5566, 5577, 992, 22, 9480, 942)

        and Local_Address <> (‘127.0.0.1’)

        and Local_Address not like (‘::%’)

        and Local_Address <> (‘0.0.0.0’)

ProTip: If you have a custom job that runs encrypted on your system you simply add it to the list of ports in the “where local_port not in” clause. 

It’s amazing just how many new connection types can sneak on to your system, and not all of them are encrypted!  I ran this on one of my test servers and was quickly reminded that someone had started up the ftp service and not locked it some to encrypted only.

If you want to know more about what ports are open on your server, then I’d start here on the IBM website but remember as you add new workloads (especially ones you’ve created yourself) then you will need to add these ports in to your audit.

https://www.ibm.com/support/pages/tcpip-ports-required-ibm-i-access-and-related-functions

i-UG goes Hybrid

We are returning to the Mount Hotel in my home town of Wolverhampton for another Hybrid event on the 18th March, we hope to see you there.
For more details check out  www.i-ug.co.uk

Filed Under: IBM i, Technical Articles Tagged With: IBM i, IBM Power Systems

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Free monthly newsletter signup

News

Shield Advanced Solutions Ltd is excited to announce the release Version 2.0 of their Nagios Monitoring plugin for IBM i – AAG!  

Choose AAG to keep and 'eye' on their IBM i. Shield’s simple to install, highly functional solution for … [Read More...]

A screen a story – Sometimes a question mark is not enough

By now you must be getting used to seeing a new version of IBM i Access Client Solutions (ACS) every time a … [Read More...]

RPG Data-Gen Operational Code

Looking back at when I first started writing articles for PowerWire.eu nine years ago, I was bought onboard to … [Read More...]

More articles from this section

Quick Links

  • Advertise
  • Subscribe

Follow Us…

  • Email
  • LinkedIn
  • Twitter

Search This Website

Copyright © 2023 · Cue Communications · All Rights Reserved

Log in