Partner TechTip: Is Your Network Protection "Object-Aware?"
Written by Robin Tatam   
Friday, 06 August 2010 00:00

Article Sponsor

 

 


 

Phone: 1-800-915-7700

Email: sales@powertech.com

PowerTech Web site: www.powertech.com

 

The PowerTech Group is the leading expert in automated security solutions for IBM Power® Systems running IBM i (System i®, iSeries®, and AS/400®), helping users manage today’s compliance regulations and data privacy threats. Companies worldwide rely on PowerTech security solutions.

PowerTech Network Security 6 provides object-level support.

 

I recently blogged about the new features in PowerTech's Network Security Version 6. In response, I got several questions about what's "new" in the new version. So here's a quick overview.

A Quick History

Before taking a look at the new features, let's review some background for those of you who might not be familiar with why you need Network Security.

 

Back in the early days of the AS/400, the only way to access data was via a 5250 (green-screen) application. This meant that you could easily secure your application data using simple menus and command-line restrictions. In the early '90s, IBM enhanced the operating system to enable open access through interfaces such as ODBC, FTP, and remote command. This effectively opened the database without the control provided by menus. To offset this new access ability, IBM also enabled exit points that allow you to use exit programs that determine if a request should be allowed or denied. Network Security is a suite of exit programs that are designed to provide two critical security functions—auditing and access control—for these requests.

A Wizard for Install

Your first exposure to the new Network Security is the installation process. Gone are the days of having to manually upload a save file, restore the objects, and then run an installation routine. Instead, Version 6 provides a new wizard that runs on a Windows PC to streamline the product installation (see Figure 1). The wizard even removes itself from the PC after completion, leaving only the product Administrator's Guide as a lasting footprint.

 


Figure 1: PowerTech's new installation wizard simplifies the installation of Network Security.

Selective Activation and a Cleaner Interface

Once you've installed Network Security, you'll see its new activation process. As before, activation registers Network Security's exit programs to the IBM exit points. But now, you can select which exit points you want to monitor. You can make subsequent passes through the activation process to activate any of the remaining exit programs, as needed.

 

In addition, the Network Security main menu has been streamlined, so you'll find fewer menus within menus. The interface is clean, concise, and intuitive. You'll see some additional options to support the new object rules, but most of the existing option numbers remain the same to help with the transition.

Object Rules Build on a Strong Foundation

Network Security continues to lead through its ability to control access at multiple levels. First, you can set rules for users and locations for all functions within a service. Then, you can further define rules that apply only to a specific function within a service, such as remote commands in FTP. Finally, you can establish rules for very specific requests, such as allowing the FTP download of file MYFILE from library MYLIB. Naturally, auditing and messaging from any of these transactions has always been one of Network Security's most sought-after features.

 

For scenarios where you don't know the specific request, Network Security adds support for object lists. An object list defines which objects are being secured and allows you to set rules to control access to them. Imagine being able to prevent a file from being updated through an ODBC connection, regardless of the specific SQL statement that's issued. Or you might want to audit change requests for a particular object but not the entire application. While we recommend that you use transaction-level rules first (as they are specific to a request), object rules introduce a new era to the capabilities of an already-powerful solution.

Next Steps

To determine if exit points on your system are providing an open door to your data, start with a no-cost PowerTech Compliance Assessment.

 

If you're new to Network Security, click here to learn more or try it free for 30 days. If you're already a Network Security customer, upgrading to Version 6 is covered by your maintenance agreement. You also can learn more about the new Network Security by signing up for online training held in September.

 

 


About the Author:

Robin Tatam is the Director of Security Technologies for PowerTech, a leading provider of security solutions for the System i. As a frequent speaker on security topics, he was also co-author of the Redbook IBM System i Security: Protecting i5/OS Data with Encryption. Robin can be reached at 952.563.2768 or robin.tatam@powertech.com.
