Anybody’s first reaction to the suggestion that somebody can execute IBM i commands and programs from a mobile phone would probably be “How can I prevent somebody from accidentally or intentionally making an error?” There is a natural fear-factor associated with this type of technology, and a number of security questions are raised.
The answers to these questions are outlined below.
According to www.gsmworld.com: “From the outset, GSM has been a system designed with stringent levels of in-built security. With constantly enhanced transmission protocols and algorithms added to the flexible and future proof platform, GSM remains the most secure public wireless standard in the world.”
QRemote Control was designed to enable controlled access from within the firewall perimeter. A firewall controls IP traffic, and doesn't seem to be an appropriate tool for controlling this type of traffic.
Although the GSM device is able to act as a modem, QRemote Control will simply pick up the line and drop it immediately if someone should ring the number. It will only accept GSM messages from authorized numbers. We control the device directly, and do not configure it as a Windows device of any kind, other than the serial port used to connect to the device.
The GSM modem and the PC communicate using the serial protocol, not an Ethernet protocol. There is no way that someone can use the GSM modem to break into a network in the way that network-enabled devices can.
We log the phone numbers of authorized users. Commands and exit programs run and send messages to QSYSOPR, which can be monitored for in the usual way. QMessage Monitor performs normal logging of replies and users, as though the entries had been made locally.
We authenticate users on the basis of the phone number of the mobile. Support users can run exit programs and commands, and reply to messages. The ability to run commands can be switched off by user and exit programs can also be limited by user. Individual commands and replies can be controlled using iSeries security and QMessage Monitor security respectively.
We log the user, not the handset as such; however, a handset can be mapped to only one QMessage Monitor user record.
Still have questions? We can help. Submit a case to Technical Support.