Installation manual
Chapter 9. Security
Whether you are implementing Host On-Demand purely within your corporate
network, or you are using it to provide access to your host systems over the
Internet, security is a concern. Host On-Demand uses the Secure Sockets Layer (SSL)
protocol to provide security for emulator sessions. SSL is an industry-standard
protocol that provides encryption and authentication on connections across a
TCP/IP network, using X.509 certificates. Host On-Demand supports encryption of
emulation sessions and server/client authentication according to the SSL Version 3
standard.
Support is provided for the following:
- RSA type-4 data encryption on connections between the Host On-Demand emulators and Telnet servers that support SSL Version 3
- X.509 certificates
- Bulk encryption algorithms using keys up to 168 bits in length
- Authentication algorithms using keys up to 1024 bits in length
- Server and client authentication
- Support for storage and use of client certificates on the client system
- Optional prompting of the user for a client certificate when requested by the server
A Certificate Wizard (Windows NT, Windows 95, Windows 98 and Windows 2000
only) and a graphical Certificate Management utility are provided to:
- Create certificate requests
- Receive and store certificates
- Create self-signed certificates
Using SSL
SSL is supported only on Windows NT and AIX redirectors, and on clients that
have Netscape Communicator 4 or Microsoft Internet Explorer 4 or later browsers.
Host On-Demand provides secure connections between the following:
- A client and the Host On-Demand Redirector or another Telnet server that supports SSL
- Two Host On-Demand redirectors
There are several security options that you can configure. Configuring all of them
provides the most security possible:
TLS-based Telnet Security
You can allow the security negotiations between the client and the Telnet
server to occur on the established Telnet connection for Host On-Demand
3270 display and printer sessions, if the Telnet server supports this option.
See Telnet-negotiated security in the Host On-Demand online help for
more information.
Server authentication
Encrypting the data exchange between the client and the server does not
guarantee the client is communicating with the correct server. To help
avoid this danger, you can enable server authentication, so that the client,
© Copyright IBM Corp. 1997, 2001 47