Security has been an important issue ever since organizations first used computers to run their businesses and digital media to store their data. These concerns intensified commensurate with the dramatic increase in business computing and data storage over the years. Yet, at the same time that security demands have been forcing IT departments to spend more time locking down systems and data, competitive pressures and shareholder demands have pressured organizations to ratchet up productivity aggressively.
These two objectives—rigorous security and maximal productivity—often conflict. Security management can be a painstaking job. If you leave exposed even the smallest of holes into your systems, a malicious hacker can exploit that vulnerability to steal corporate data or vandalize your operations. Yet if security measures are overly rigorous or they are applied where they are inappropriate, legitimate users will find themselves locked out of the data and applications they need to perform their jobs. Consequently, ensuring that everything that needs to be secured is secured, without inadvertently blocking essential business processes, can be a complex and time-consuming task for the security administrator.
Recognizing these issues, on March 5, 2007, Bytware announced the addition of a GUI interface to its StandGuard Network Security solution. The GUI, which is provided as an alternative to, rather than a replacement for, the existing green-screen interface, improves administrative productivity and augments the features of StandGuard Network Security, with the objective of helping to make security administration, monitoring, and auditing easier, faster, more accurate, and less labor-intensive. The green-screen interface remains available for security managers and administrators who want to continue to use it.
The new GUI enhances StandGuard Network Security 3.1 by simplifying and accelerating the administration, monitoring, and management of the object security already inherent in the product, while adding new features to further enhance the protection that the product offers. Along with the functionality that had been available through the existing green-screen, features provided by the GUI include a robust event viewer, a time-saving browser, and export capabilities to enhance the analysis of security data. The GUI also offers the ability to search and filter SQL statements, providing users with a new method for studying system security.
The browse feature allows administrators to add users, groups, IFS objects, database objects, programs, and commands by using existing lists on the system, thereby significantly reducing the time required to establish and maintain security policies.
Users can employ the event viewer to set display colors, leverage advanced search technology, and export events in either CSV or TXT format. The GUI makes it easy to sort database objects by object or library type; sort programs and commands by object, library, or type; and sort and select displayed fields when reviewing events.
StandGuard Network Security's export capabilities give System i administrators the ability to target specific events and analyze them more thoroughly, enhancing the effectiveness of security and aiding in investigations and regulatory compliance.
StandGuard Network Security has always included extensive reporting, as discussed below. The GUI expands these capabilities by adding more reporting functionality and by simplifying report generation and access. For example, it allows users to create custom reports for any selection criteria and save them for future use. It also lets users easily export captured SQL statements to CSV or TXT format.
"We are very excited to be launching a graphical user interface for StandGuard Network Security that mirrors all the features accessible through our green-screen interface, as well as expanding further our extensive reporting and exit point security functionality and multiple system management," said Bytware's president, Christine Grant.
Key GUI Features
The GUI is a System i Navigator plug-in that provides a wide range of functionality, including the following:
Configure Global Settings
- Turn StandGuard Network Security on or off.
- Select an event type to log.
- Specify the level of logging for the public.
- Specify the name of a message queue to log rejected transaction information.
- Specify a command to run when a transaction is rejected.
Manage Server Security
- Configure auditing and security settings for network services.
- Disable or enable exit-point processing for a server.
- Define public authorities for a server.
- Define the auditing levels for public use of a server.
- Create a table of private authorities for a network service.
- Select the available options to constrain the server environment, as appropriate.
- View the status of exit-point programs and add supplemental exit programs, as required.
- Display information on server usage and on when the configuration last changed.
- Display, search, and sort events generated by the server.
- Specify time periods during which the server is to be available to users.
- Create configuration reports for a selected server.
Manage Resource Security
- Configure auditing and security settings for programs, commands, database files and libraries, and IFS stream files and directories.
- Define public object authorities.
- Define public data authorities.
Specify Audit Level of Objects
- Manage a table of private authorities for objects.
- Display information about when an object was last accessed.
- View when the security configuration for an object was last changed.
- Display, search, and sort events for objects.
- Create configuration reports for selected objects.
- Configure auditing and security settings for user and group profiles, locations (IP addresses), and location groups.
- Enable or disable a source's configuration.
- Specify the level of auditing for each source.
- Manage the table of all private authorities for a selected source.
- Track usage information for sources.
- Display when a source configuration was last changed and by whom.
- Create a configuration report for a selected source.
Report On and View Events
- Display a list of all audit events.
- Search the event database, using a variety of selection criteria.
- Refresh the event display to include the most recent data.
- Clear or delete displayed events.
- Export event data to a .csv or .txt file.
- Set preferences for the event display, including its font and colors, the fields displayed, and the time format used.
- Save an event search for later use.
- Create, submit, and manage custom reports.
- Open an output queue browser to view generated reports.
StandGuard Network Security 3.1 Features
As stated above, the GUI augments the extensive feature set that already existed in StandGuard Network Security 3.0. Among the functionality that preceded the introduction of the GUI are comprehensive exit-point security and extensive reporting capabilities.
Comprehensive Exit-Point Security
StandGuard Network Security secures, monitors, and audits access to databases, applications, and objects using standard OS/400 and i5/OS exit points, including all exit points that can be used to access data and run commands. This provides security for more than 160 server functions.
StandGuard Network Security's object-based, exit-point approach to security is a significant improvement over the alternative, transaction-based security. Transaction-based security records keystrokes and SQL statements, requiring that each be approved before the activity is allowed. Identifying acceptable transactions consumes considerable administrative time, and the process is highly prone to errors, particularly when transaction formats change with evolving business requirements. Object-based security performed at the relevant exit points eliminates this problem by examining not transactions, but rather the objects that the transactions access. It then determines whether the user is authorized to use those objects.
StandGuard Network Security 3.1 provides a number of standard reports, including these:
- Events by date and time
- Events by server
- Events by library
- Events by directory
- Public events (identifies network activity resulting from public access to StandGuard Network Security resources)
- Events by user, location, or group
- Rejected events
- Events by resource
- Events by private authority (identifies events that have occurred as a result of private authorities that you created)
- Captured SQL statements
You can use several selection criteria to refine the reports and pinpoint items of concern. In addition to being printed, reports can be output to Excel for further analysis.
StandGuard Network Security 3.1 can also send automated real-time alerts to systems staff, allowing them to take immediate action when necessary.
For more information on StandGuard Network Security, contact Bytware at the address or phone number below or visit its Web site. A Technical Packet available on Bytware's Web site lists all protected exit points and describes in detail the features of the product.
Joel Klebanoff is a consultant, a writer, president of Klebanoff Associates, Inc., a Toronto, Canada-based marketing communications firm, and author of BYTE-ing Satire. Joel has 25 years experience working in IT, first as a programmer/analyst and then as a marketer. He holds a Bachelor of Science in computer science and an MBA, both from the University of Toronto. Contact Joel at email@example.com.
9440 Double R Blvd., Suite B
Reno, Nevada 89521-5990
Tel: 775.851.2900 or 800.932.5557