Midrange Stuff, OS/400 Edition

Tango/04 Computing Group, the Spanish software company that makes systems management utilities for OS/400 and Windows operating systems, last week announce its first OS/400 security software product. Its new iSeries Security Agent works with its flagship systems management product, VISUAL Message Center, to monitor internal activity occurring on OS/400 servers and to automatically take action against suspicious system activity before it's too late.

The iSeries Security Agent, the ninth module in Tango/04's VISUAL Message Center suite, builds on OS/400's native auditing capability, which Tango/04 says is powerful but complex and requires much time and effort to properly configure. OS/400's native auditing function also lacks filters, reporting tools, and the capability to send out alerts in real-time when breeches occur, says Tango/04. The iSeries Security Agent augments OS/400's native auditing by generating enriched messages that can queue the instant dissemination of alerts, trigger automated actions, and help spot weaknesses in a company's security infrastructure.

The iSeries Security Agent features a native 5250 interface, from which administrators can configure system auditing rules. Once the rules are configured, the administrators can then manage security-relevant audit messages, using filters in Tango/04's Smart Console--the core of the VISUAL Message Center and a Windows application with a nifty graphical interface.

The software continually monitors four basic system areas, and can be tuned to watch for changes made on a system-wide basis or by particular users. The iSeries Security Agent looks at changes to, or access of, objects; the execution of commands; changes to system configuration settings; and other specific actions such as profile swapping or failed sign-on attempts. Equipped with the iSeries Security Agent, Tango/04 says, companies will be able to keep confidential information, such as customer data or salary information, out of the wrong hands, whether they're within the company or outside of it.

The iSeries Security Agent allows administrators to observe security events and to automate the software's responses to them, based on certain criteria. For example, if an unauthorized action takes place, such as a system security level being changed from 30 to 50, the utility can be configured to automatically end the job in which the change was made, to change the security level back to 50, to disable the user profile that submitted the job, and to send an alert to the administrator.

Tango/04 says the iSeries Security Agent's filters incorporate intelligent pattern-recognition technology that allows the software to tell the difference between everyday user mistakes and surreptitious hack attempts that may be difficult to detect using traditional technologies. For example, apparently isolated, unremarkable events, such as a failed sign-on attempt, a rejected object, or an attempted access to spool files, may be a sign that somebody is trying to hack the system if they all come from the same user profile, device, or IP address. The iSeries Security Agent will be able to correlate these events and find the common string, then display them on the Smart Console module or take automatic action.

If operator intervention is required for a security breach, the iSeries Security Agent works with VISUAL Message Center to send alerts to security administrators via e-mail, NetSend, or Short Messaging Service, which is available with GSM cell phones. This tight integration between iSeries Security Agent and VISUAL Message Center allows the Agent to take advantage of the system management utility's message escalation procedures and capabilities. And because the Security Agent replicates security messages into VISUAL Message Center's internal database, failed backups or deletion of journal receivers will not affect security, Tango/04 says.

The VISUAL Message Center acts as a central repository for the iSeries Security Agent, giving users a graphical screen for diagramming the flow of events as colored icons on a map or a plant blueprint. The VISUAL Message Center also accepts security-related messages from other OS/400 security products besides Tango/04's, such as messages about exit-point violations generated by PowerTech Group's PowerLock NetworkSecurity, from Windows security products, firewalls, and Web servers, Tango/04 says.

The iSeries Security Agent also includes auditing features to assist users in analyzing their OS/400 systems and generating reports. Users can track a range of events, such as the use of sensitive system commands, changes to system values, access of specific objects or spool files, authority changes, or modifications made to user profiles, which will show up under the Agent's auditing function. The software allows users to create reports covering the company's security infrastructures, identifying problem areas, planning migration to a higher OS/400 security level, monitoring the use of sensitive objects, such as confidential files, and identifying security holes in other vendors' applications, Tango/04 says.

The new iSeries Security Agent is available in the United States from Tango/04's American business partner, SoftLanding Systems.