AS/400 intrusion detection & auditing of TCP/IP servers

Guest.Visitor · 01-01-1995 02:00 AM

I?ve been given the task of trying to determine the best method(s) for detecting and auditing access to our AS/400 systems via the TCP/IP servers. Traditional AS/400 object security doesn?t seem to be the answer, and I do not feel we have the time to develop a ?home grown? solution. The only product that I have come across is PowerLock by PowerTech. This product seems to address our concerns. Does anybody have experience (good/bad) with this product? Are there other products that you would recommend? Thank you for your time, Chris

Guest.Visitor · 09-05-2000 11:54 PM

Have a look at Safenet

Guest.Visitor · 09-06-2000 05:30 AM

Thanks for your feedback. Do you have experience with this product? If so, would you recommend it? What is this companies URL? I appreciate any insight you can offer.

Guest.Visitor · 09-06-2000 06:05 AM

Hi Chris, Try http://www.pentasafe.com/products/as400s.htm Look for chapter "Secure". Vadim

Guest.Visitor · 09-06-2000 06:19 AM

Chris - Although we don't use a product like this, I suppose the two best-known companies in this area are Powertech (www.400security.com) and Pentasafe (www.pentsafe.com). One of the main architects of the Powertech product is John Earl, who is a well-known figure in /400 security circles, a security advisor (or some cool title) to Midrange Computing, and a contributor to this forum. I think Powertech offers only /400 products, but I could be wrong. Pentasafe offers products that run on the /400, NT, and Unix. To my knowledge, they were the first 3rd party security product offered for the AS/400 (FWIW). They offer a 10 point security check for free on their Web site (or they will send you a CD) that everyone should download and run, if only to see where your vulnerabilities are. (Beware - downloading or requesting a CD is closely followed by a call from a salesman but I guess you should expect that when you 'register' to download, right?) From the demos that I've seen, both company's products perform similar function. They both secure most exit points and allow you to specify authorized users to the functions secured by exit points. I'll let you determine the differences and their significance to your environment. HTH, Steve

Guest.Visitor · 09-07-2000 05:34 AM

Vadim, Thank you for your response. Chris

Guest.Visitor · 09-07-2000 05:42 AM

Steve, Thank you for your time and thoughts...I appreciate your input. We will be checking out PowerLock this week, and I'll look in to the other. By the way, what does "FWIW" and "HTH" mean (if you don't mind me asking)? I'm kind of new at this(obviously!?). Thanks again! Chris

Guest.Visitor · 09-07-2000 05:48 AM

I forgot to write the link: http://www.kisco.com/safenet.htm

Guest.Visitor · 09-07-2000 06:55 AM

FWIW = For what it's worth HTH = Hope this helps FWIW, Steve

Guest.Visitor · 09-14-2000 08:17 AM

Thanks!

Thread: AS/400 intrusion detection & auditing of TCP/IP servers

Thread Tools