Fortress/400 - Enhanced Security For IBM System i (AS/400)

Fortress/400 is a unique IBM System i (AS/400) product designed to enhance OS/400 security in the client server arena. It provides additional security by controlling network access to these computer systems. The security processes are designed to prevent authorized users of the system from performing "unauthorized" functions by bypassing the normal security built into green screen menu systems.

Fortress/400 captures incoming requests from clients attempting to access server functions, and reacts to these requests by performing a series of security checks based on a set of rules defined by the Security Officer. An audit trail is created for all transactions processed.

Key Benefits

Fortress/400 was developed to address the security issues involved in networking IBM System i and i5 computers. It significantly improves remote access security.

Fortress/400 operates in conjunction with OS/400 and i5/OS security. It checks each remote request for the required level of authority before the request is executed by the operating system. This security check is in addition to, but independent of, normal OS/400 and i5/OS authority checking. Users can be authorized to use or update OS/400 or i5/OS objects via application software, whilst, at the same time, being prevented from copying, modifying or deleting objects using a networked computer.

Highlights

Utilizes the exit program facilities provided in the OS/400 and i5/OS operating systems.
Can prevent fraud and malicious damage.
Security database is set up and controlled by a system administrator.
Operates in conjunction with standard OS/400 and i5/OS security.
Protection from unwanted and unauthorized access via network connections.
Allows authorized users to do their work, whilst preventing unwanted network access.
Locks OS/400 and i5/OS security exposures.
Protects against unwanted network transactions.
Recognizes Group and *PUBLIC authorities.
Easy to use and install.
User friendly command driven interface.
Context sensitive Help for every command and display screen.
Retains an audit trail of all remote instructions showing the date and time of the request, the user ID, the remote instruction string and whether or not Fortress/400 rejected the request. A hard copy of this audit trail is readily available.

Using a PC networked to an IBM System i (AS/400) poses a security threat. Applications such as FTP, Telnet, NetBios, or ODBC/JDBC enabled applications can be used to gain access to OS/400 and i5/OS objects. If IBM System i Access is installed on the PC then even greater threats exist. Many differing functions are available without the user needing to sign on to a green screen session. For example:

One can issue AS/400 commands using the IBM System i Access Remote Command feature, e.g. RMTCMD PWRDWNSYS (power the system off), RMTCMD CLRLIB xxxxxxxxxx (clear a library), RMTCMD CLRPFM xxxxxxxxx/yyyyyy (clear data out of a file).
Download confidential or sensitive data to a PC file. Once on the PC, it is no longer under the control of OS/400 or i5/OS.
Transfer data back to the AS/400, replacing any data that may have been in the target file with data from the PC. The resulting transfer may corrupt the target file.
Use ODBC/JDBC to connect PC software to the AS/400 or IBM System i database.

All of the above functions are, of course, subject to OS/400 and i5/OS security; however, removing authority to a command, library, or file may prevent your users from doing their job. In addition, many applications use group profiles to provide users with read/write authority to the entire database. These applications rely on front-end menus to control application security.

Fortress/400 (and its predecessor SECURE/NET) was developed to circumvent this problem and significantly improves remote access security for IBM System i and i5 computers. It utilizes OS/400 and i5/OS exit program facilities, providing exit programs and associated software to perform the required security checks.
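
The rule check and audit trail described above can be modelled in a few lines. This is an added illustration, not Fortress/400 code: the rule table, the user, group, *PUBLIC lookup order, the default-reject behaviour and every name below are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed rule table (assumption): (principal, server function, operation) -> allowed?
# A principal is a user ID, a group profile name, or *PUBLIC.
RULES = {
    ("*PUBLIC", "RMTCMD", "*ALL"): False,
    ("*PUBLIC", "FILE_TRANSFER", "DOWNLOAD"): False,
    ("GRPACCT", "FILE_TRANSFER", "DOWNLOAD"): True,
    ("OPSMGR", "RMTCMD", "*ALL"): True,
}
GROUPS = {"JSMITH": "GRPACCT"}  # constructed user -> group profile mapping

@dataclass
class AuditEntry:
    timestamp: str   # date and time of the request
    user: str        # user ID
    request: str     # remote instruction string
    rejected: bool   # whether the request was rejected

AUDIT = []

def lookup(principal, function, operation):
    """Return the rule for a principal, preferring an exact operation over *ALL."""
    for op in (operation, "*ALL"):
        if (principal, function, op) in RULES:
            return RULES[(principal, function, op)]
    return None

def check_request(user, function, operation, request):
    """Decide one remote request, then audit it whether allowed or rejected."""
    allowed = False  # assumption: a request with no matching rule is rejected
    # Assumed precedence: user-specific rule, then group profile, then *PUBLIC.
    for principal in (user, GROUPS.get(user), "*PUBLIC"):
        rule = lookup(principal, function, operation) if principal else None
        if rule is not None:
            allowed = rule
            break
    stamp = datetime.now(timezone.utc).isoformat()
    AUDIT.append(AuditEntry(stamp, user, request, rejected=not allowed))
    return allowed

if __name__ == "__main__":
    check_request("JSMITH", "FILE_TRANSFER", "DOWNLOAD", "download ORDERS")
    check_request("JSMITH", "RMTCMD", "RUN", "CLRLIB xxxxxxxxxx")
    for entry in AUDIT:
        print(entry)
```

The same user is allowed a download through the group rule but refused a remote command through the *PUBLIC rule, which is the split between application work and network access that the page describes.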