fhs
Volume 12, Number 20 -- July 24, 2012

Raz-Lee Cracks Down on CL Commands with New Software

Published: July 24, 2012

by Alex Woodie

Raz-Lee Security this month unveiled a powerful new IBM i security tool that gives administrators the power to prevent users from issuing control language (CL) commands. The new product, called Command, is the most complete CL control product on the market, the company claims.

Securing IBM i servers can be a complex process that requires taking several different approaches. Exit points must be monitored to ensure no untoward activity is taking place via FTP or another network access route. Authority levels must be properly configured and continuously watched. Encryption, journaling, and passwords are other areas to consider.

But one area that has been tough to crack down on is CL commands. For experienced users and administrators, CL commands are quick and powerful ways to accomplish tasks. In the hands of a rouge user, however, the CL prompt can be a dangerous gap in the security net surrounding the IBM i server.

Several security software vendors offer tools to help reign in CL abuse. However, they don't go far enough to crack down on CL use, Raz-Lee CEO Schmuel Zailer said during the recent COMMON conference in Anaheim, California, where he talked about the forthcoming product launch. A clever user could easily mask his intentions by hiding CL commands within other commands and CL programs, and the other CL-blocking tools don't address this, he said.

The new Command product addresses this by analyzing each CL command, including, its parameter, origin, and context (i.e. the program which initiated the CL command), not to mention the user. "Command is the only product that has the ability to refer, for analysis or change, to each part of a complex parameter separately, as well as to the parameter as a whole," the company says in a press release.

When Command is turned on, it will reject or allow any IBM or user-defined CL command. It will also initiate alerts by e-mail, syslog, and Twitter. Security administrators can modify the software based on an element, a qualifier, an entire parameter, or the CL command itself, the company says. All product activity is logged, and reports can be automatically generated and distributed as PDF or HTML documents via email.

The product provides an extensive log via a full Report Generator and Scheduler, and e-mails HTML and PDF reports. The product is a component of Raz-Lee's iSecurity suite.

The new product answers requests from Raz-Lee customers for a "firewall" type product for CL commands, says Eli Spitz, the company's vice president of business development. "Command's … features, such as the ability to display the program library as well as the programs in the program stack when the command was issued, are market-unique features which add to the usefulness and benefits of the product," he stated in a press release.

Command is available now. Pricing is tier-based and ranges from $2,500 to $9,500. For more information on the product see the company's website at www.razlee.com.


RELATED STORIES

Raz-Lee Unloads New Products at COMMON

Raz-Lee Claims IBM i Data-Access Breakthrough with DB-Gate

Raz-Lee Feeds IBM i Data into RSA SIEM

Raz-Lee Unveils GUI for IBM i Journal Security Tool

Raz-Lee Gets the Twitter Bug

Imperva and Raz-Lee Team Up for DB2/400 Security Software

Raz-Lee Adds Object-Level Security to i OS Security Suite


                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By
TEMBO APPLICATION GENERATION

It is extremely important to recognize that if your
installation has not yet adopted the SQL (DDL/SQE) engine
as your primary DB2 for i interface and is still primarily
using the ISAM (DDS/CQE) engine for database access,
you are using the leading high volume commercial OLTP
platform severely shackled and constrained.

Why SQL Engine?

1. The DB2 SQL engine has been the foundation of all developments and enhancements to IBM i
    (and predecessors) since 2000.

2. In a highly competitive business environment it is all about AGILITY - the DB2 SQL engine enables that.

3. It offers up-to-date database documentation and access to leading database modeling tools.

4. It is the strategic database interface for the industry (standards compliancy).

5. It allows you to present a modern database to the outside world, and to your users, with meaningful
    longer file (table) and field (column) names, which is a foundational requirement for Analytics.

6. It is the foundation for any real, lasting application modernization and agility responding to
    DB change requests.

7. It ensures:
    data integrity
    improved Return on Investment
    reduction in costs, speed to respond
    massive increase in performance
    openness
    skills availability

How To Upgrade To Native SQL Engine

Due to the perceived risk and complexity, most IBM i installations internationally have continued to use the ISAM (DDS/CQE) engine as their primary database access method. This has certainly added to the perception that the platform is legacy, whilst it is in fact probably the most advanced implemantation of the DB2 database engine. We, as the installed base, however have been guilty of severely hampering and constraining our systems as a result, causing our system to be perceived as old, unyielding and legacy.

It is entirely feasible for you to upgrade from the ISAM to SQL engine with:

    Little to no disruption
    Little to no risk
    Gradually (one file, library, database or system at a time)
    Without the use of Surrogates
    Non-invasively
    Easily
    And with no need to recompile your code (No LVLID changes)!!!

AO Foundation Solution

The fundamental requirement in the first place of implementation is to upgrade as much as possible to a high performing, native SQL (DDL) database, excluding unsupported constructs (see AO Website for details) without ANY LIVID changes.

    Evolution, not revolution.
    One File, one library, one database or one system at a time.
    Facilitate AGILITY!
    Enable ANALYTICS!
    Long file and field names "out of the box," depending on internal practices.
    Allowing any combination of ISAM and SQL to co-exist.
    No to low risk.
    Gradual, non-disruptive roadmap.
    Regain control of your database(s).
    Gradual sanitation of your database(s).
    Gradual consolidation of your Metadata.
    Regain control of your Metadata.
    Gradually enhance/enrich your Metadata ala OA Metadata Consortium.
    Native leveraged SQL database.
    Central management of Database Indexing Strategy.
    FULL, native management of your ISAM (CQE) and SQL (SQE) database(s) on DB2 for i.
    Non-invasive, incremental roadmap.

Once the inital upgrade is facilitated, the database(s) can then gradually, incrementally improved and sanitized, focusing on ROI the entire time.

AO Foundation Benefits

Immediate, low-risk, non-disruptive exploitation of the native SQL database engine.

    Solid foundation for future modernization projects.
    Your database now presents itself as modern to the outside world and your end users.
    AO Foundation removes the tedium and error-prone repetition out of upgrading to the
     SQL (SQE) engine, allowing you to focus on value adding aspects of application modernization.
    No "vendor lock-in" - we deliver your database back completely under your control.
    No LVLID changes during Phase 1 of database upgrade process, hence no recompilation
     of ANY code.
    Massive potential performance benefits
    AGILITY
    FULL, native IBM i based management of your ISAM and SQL database(s) on DB2 for i.
    Gradual, non-disruptive roadmap
    Unshackled applications, unlocking the full value of your IT investments
    Multi-Tier architecture

www.adsero-optima.com

YES YOU CAN!!!
Editor: Alex Woodie
Contributing Editors: Dan Burger, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Townsend Security:  View the recorded Webcast: Secure Managed File Transfers for the IBM i
Help/Systems:  FREE: Download the IBM i Scheduling Survival Guide
Abacus Solutions:  More affordable and flexible alternatives to deliver secondary workloads
 

IT Jungle Store Top Book Picks

BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

The iSeries Express Web Implementer's Guide: List Price, $49.95
The iSeries Pocket Database Guide: List Price, $59
The iSeries Pocket SQL Guide: List Price, $59
The iSeries Pocket WebFacing Primer: List Price, $39
Migrating to WebSphere Express for iSeries: List Price, $49
Getting Started with WebSphere Express for iSeries: List Price, $49
The All-Everything Operating System: List Price, $35
The Best Joomla! Tutorial Ever!: List Price, $19.95
 
The Four Hundred
IBM Gives Killer Power System Deals Down Under

Big Blue Cranks Up The Profit Engine In Q2

Another Look At .NET Apps Accessing IBM i

As I See It: To Serve, To Strive, And Not To Yield

IBM Should Buy Mellanox Before HP Or Cisco Does

Four Hundred Guru
DB2 For i XMLTABLE, Part 2: Using Namespaces And IFS XML Files

RPG Subprocedure Error-Handling with APIs

Admin Alert: Making Run the Same Run the Same On IBM i Access 7.1 On Windows 7

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

System i PTF Guide
July 21, 2012: Volume 14, Number 29

July 14, 2012: Volume 14, Number 28

July 7, 2012: Volume 14, Number 27

June 30, 2012: Volume 14, Number 26

June 23, 2012: Volume 14, Number 25

June 16, 2012: Volume 14, Number 24

TPM at The Register
ARM grabs TSMC's 3D FinFETs for future 64-bit PC brains

Scottish cloud abacus gobbled by control freak RightScale

AMD pins its server hopes on SeaMicro technology - maybe in APUs

Super Micro misses target in June quarter

OpenStack cloud fluffer growing faster than Linux

Mellanox makes InfiniBand hay while the sun shines

IBM juices profits in Q2 despite sales drop

TryStack pits ARM against Xeon in the cloud

Intel accidentally outs 'Poulson' Itanium specs

Servers save Intel's Q2, and probably the year

VMware cranks Zimbra collabware up to 8.0

Cisco buys Virtuata for virty security

THIS ISSUE SPONSORED BY:

looksoftware
SEQUEL Software
HiT Software
Tembo Application Generation
RJS Software Systems


Printer Friendly Version


TABLE OF CONTENTS
CYBRA Completes Forms Journey with MarkMagic 8

Jumping Hurdles From Green Screen to Graphical

Software AG Maintains Investment in Jacada Tools

Raz-Lee Cracks Down on CL Commands with New Software

Robot/NETWORK Now Displays Performance Data

News Briefs and Product Shorts:
Emulator Vendors Begin March Toward Windows 8 . . . Go Bankrupt, Get Free Software . . . IntelliChief Lands More Infor Customers . . . Zend Releases Hotfix Update for IBM i PHP Stack . . . Introducing the IBM Intranet Experience . . .

Four Hundred Stuff

BACK ISSUES




 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2012 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement