Midrange Stuff, OS/400 Edition

PowerTech Group is shipping a new release of its OS/400 auditing tool that allows users to audit all network traffic for their AS/400 or iSeries server. The security software company already provided some degree of network auditing in its flagship network security product, PowerLock NetworkSecurity. With the latest release of its auditing tool, PowerLock SecurityAudit Version 1.6, PowerTech is making the OS/400 network an integral part of its strategy for OS/400 security audit software, as well.

Most business people need no reminder of the tremendous benefits that the Internet can offer them. While a discussion of the ramifications of a fast, cheap, instantaneous, and global data link is beyond the scope of this article, we should periodically remind ourselves of the ways that the Internet continues to change the way we do business.

From an OS/400 point of view, however, there is quite a bit of infrastructure work required to prepare companies for doing business over the Internet, and one of those infrastructure components is security. Unfortunately, the underlying architecture of the OS/400 server was not designed with the Internet in mind. Brilliant as the AS/400's architecture was--and still is--the lack of integrated and native ways to prevent unwanted network security access to OS/400 servers has lulled many OS/400 shops into a fall sense of security.

The OS/400 server's lack of protection against unauthorized network access through standard and supported protocols such as FTP and ODBC is well documented. These liabilities have spawned a class of tools that allow systems administrators to restrict the ways that users can use certain pathways. One of those products is PowerTech's NetworkSecurity, and there are several others.

In addition to the lack of native Internet access controls, OS/400 doesn't log AS/400 or iSeries network traffic. That is, network traffic is invisible to OS/400. So while an auditor may have reams of system journal reports documenting every change to every object, unauthorized users may be traipsing about the system unseen.

This is the primary enhancement that PowerTech has delivered with SecurityAudit 1.6, which the company announced in late June. With this release of the tool, PowerTech allows users to monitor and report on all iSeries network activity, in the same way that the product keeps an eye on all OS/400 system values. PowerTech's focus on network security in its auditing tool is, in large part, the result of new laws requiring tighter information security within U.S. companies.

"Recent legislation is having a big impact on IT departments and--in the case of the Sarbanes-Oxley Act--failure to properly comply will soon be punishable under federal law," says John Earl, PowerTech founder and chief technology officer. "Driven by the demands of e-business, [IBM iSeries and AS/400 servers] are being used in dramatically new and powerful ways. Unfortunately, this has left them vulnerable to an increasing number of security threats, threats that are often poorly understood by IT professionals because they are difficult for them to see."

PowerTech has also added a new StorageSensor feature in SecurityAudit 1.6. StorageSensor will notify the auditor when disk use grows dramatically, which is often the first warning of a security breach, according to PowerTech. Hackers sometimes use servers to store undesirable or illegal documents, and StorageSensor is designed to allow auditors to discover them quickly and initiate corrective action.

PowerTech's SecurityAudit tool works by taking the raw data collected by OS/400's auditing journal and making it more readable. (In the case of network traffic, which is invisible to OS/400, PowerTech uses other means to gather that information.) The software translates the journal or traffic entries into easily understandable information that can be used by nontechnical users, such as auditors brought in to assess the safekeeping of OS/400 assets. Users can view complete histories online or in printouts, or they can choose to see only the data that has changed.

PowerLock SecurityAudit 1.6 is now available from PowerTech. The company says the software will typically cost about $8,500 for a P30 OS/400 server. V4R2 or a later version of OS/400 is required. For more information, go to www.powertechgroup.com.