Webulator/400 should be considered a secure means of delivering access to 5250 applications and data across the Internet when configured properly. This section is intended to help explain and assist in the setup of the security for both the Webulator/400 product and the AS/400 running Webulator/400. The topics covered should not be considered the only security areas to address nor the only material to consider. These suggestions are intended to compliment the security that you already have set up on your AS/400 and TCP/IP network.
There are two different categories of TCP/IP networks, secured and non-secured. A secured network would be a network which does not have a connection to the Internet (also termed an intranet) where all of the machines and users with TCP/IP access on the network are secured or trusted with access of an AS/400 sign on screen. A non-secured network would be a network with connectivity to the Internet (where the public has access to your Web Server/400 port running Webulator/400) or an intranet which has non-secured machines and users with TCP/IP access on the network.
Prior to running Webulator/400, the network may have been considered secure if the only access to a 5250 terminal was through a twinax connection, a controlled telnet environment, or a secure SNA network (auto creation of controller was disabled). Once the Webulator/400 product is placed on this network (regardless of Internet or intranet network), if there are users on your LAN with TCP/IP access they may have access to a 5250 screen which they previously did not. The presence of these users on the LAN could define the network as being a non-secured intranet network.
If your network has been defined as a non-secure network then it would be advisable to consider the security assistance provided within this section to compliment the security procedures that you already have in place. If you are running Webulator/400 within a secure intranet, it should require no additional security beyond your traditional 5250 connection currently available on the LAN. However, if your secure network has consisted of solely twinax connected 5250 terminals up to this point it would be advisable to consider these security topics.