Bytware Clamping Down on OS/400 Security Exposures

by Alex Woodie

Bytware is ramping up its security initiative with a new white paper, free access to its OS/400 auditing tool, and a new release of its OS/400 security policy management and enforcement system, StandGuard 2.3. The assortment of information and tools is designed to help companies first identify where their OS/400 server is most exposed, design a security policy that calls for gradually ratcheting up protection, then enforce those policies to eliminate unwanted access from both within and outside of the company.

The Reno, Nevada, company's auditing tool, StandGuardAudit, lets companies identify which user profiles have authority to access each object in a library. The software uses your own predefined report templates and generates detailed reports that give insight into which users, or which libraries, pose the greatest risk. You can register for the software at Bytware's Web site.

When used in conjunction with the StandGuard security policy management and enforcement system (or any other OS/400 network and command security tool), companies can incrementally test for undesirable access, plug the holes, then test again, until the right level of protection is achieved.

By offering free licenses to use StandGuardAudit, Bytware hopes to attract users who will recognize the company's strategy in promoting a phased-in approach to implementing security. As described in Bytware's new six-page white paper Networthy iSeries: An Effective and Secure Network Services Implementation Strategy, this process starts out with quietly monitoring access attempts, then implementing trust-based security policies, and, finally, exception-based security policies, which provide the maximum protection.

Bytware entered the hot market for security software in the spring of 2002, when it introduced the first version of StandGuard. The software lets administrators manipulate host access through a series of filters that define who can gain network access, create and delete files, and execute system commands and database queries. If a user attempts a maneuver he is not authorized for, StandGuard blocks his way.

StandGuard also features keyword-level security to bolster OS/400's command object-level security, which, Bytware says, adequately secures commands but falls short on what parameters or keywords are allowed. For instance, keyword-level security allows administrators to prevent users from issuing the RESTART(*NO) keyword along with the power-down command, which would prevent the server from restarting.

The StandGuard product also monitors the OS/400 security audit journal and performs actions to run system commands and send messages in response to journal events. Administrators can create filters in StandGuard that control the types of journal events that trigger notification, such as a change in system values or user authority, or profile swapping. The software will also interface with Bytware's MessengerPlus, as well as other paging products, allowing administrators to be notified of security events if they're out of the office.

Lastly, StandGuard includes a reporting feature that lets administrators sort and review logged events in several ways, including by user names, IP addresses, the number of times a certain event has occurred, and event details. All data in the reporting feature is constantly updated, giving administrators the capability to drill down to find the source of a change in real time.

The latest version, StandGuard 2.3, builds on Bytware's first release, with some incremental improvements. The company says it has improved the usability of its Work with Services and Work with Commands functions, and has made filters easier to work with. The software has also been corrected to secure some system commands that could not be secured before. Improved printing features also mark this release, as well as a new feature that prevents actions or schedules from being deleted if a rule or filter is attached to them in the Work with Schedules and Work with System Actions screens.

StandGuard 2.3 is available now. Tier-based pricing starts at $2,000 for the P05 group and ends at $12,000 for the P60 group (IBM has eliminated the P60 tier with the new iSeries servers). Bytware also offers partition-based pricing, which starts at the regular tier-based price for the first partition, and adds $1,000 for every additional partition in which the software runs.

To request a free download of StandGuardAudit, go to www.bytware.com/sgaudit_request_mstuff.html. To register to download a free 30-day trial of StandGuard, go to www.bytware.com/freesoftware. You can also register to download the whitepaper Networthy iSeries: An Effective and Secure Network Services Implementation Strategy.

This article has been edited since its original publication. StandGuardAudit is completely free, not just for the first 30 days. StandGuard is being offered as a free 30-day trial download. Guild Companies regrets the errors. [Corrections made 1/30/03.]
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.