The Four Hundred
OS/400 Edition
Volume 11, Number 11 -- March 18, 2002

PentaSafe Allows "What If?" Testing for OS/400 Security

by Alex Woodie

Changing the security settings of OS/400 can be a scary thing. What if you made a change that caused your company's application to behave incorrectly, or put an unnecessary security hold on the completion of live transactions? PentaSafe Security Technologies has addressed these scenarios by announcing a new rev of its OS/400 security software suite that includes a new "What If" capability that allows security administrators to test changes to remote access security settings before rolling them into full production.

The new "What If" capability was added to PSSecure 7.0, one of three components of a suite of OS/400 security products that PentaSafe calls the VigilEnt Security Agent for iSeries. Last week, PentaSafe announced the general availability of the next generation of VSA for iSeries, which also includes new releases of PSAudit and PSDetect.

The key to PSSecure's new "What If" mode is the ability to apply new remote access security rules against a company's actual transactions in a test environment. In prior releases of the software, says PentaSafe, its programs shipped with a set of canned transactions that often didn't provide a good barometer of how actual data would behave with the new rules.

The new feature works by creating a duplicate set of transactions, what the utility calls "What If" entries, using production data. Going into the "What If" menu, the security administrator can then change the remote access security settings governing that data (such as applying safeguards to FTP transactions) and those changes won't affect the live data.

PSSecure produces a series of reports that tell the administrator how the changes would affect the transactions passage in the production environment. When the administrator is happy with the changes, the secured entries are replaced with the tested "What If" entries, and the tested rules go into production. At the same time, the software makes a backup copy of the secured changes, allowing the changes to be undone at a later date.

"There isn't another OS/400 security utility on the market with this type of capability," says Steve Martinson, PentaSafe's product manager for OS/400 software. "I happen to be a former customer [of PentaSafe]," he said. Applying security rule changes used to be "a big, onerous task," he said. "It was kind of scary."

Those days are over. "Now they can tweak it all day long, and if they mess it up, it doesn't affect anything," Martinson said. "It's a way to go in and test changes without affecting the actual security environment."

This new release should also encourage users to keep their iSeries systems in the secured mode under PSSecure, he said. Previously, users were reluctant to move their systems out of the data collection mode and into the secure mode because of fears that transactions would be rejected by PSSecure.

There were several other enhancements added to PSSecure, including the capability to configure remote servers individually and the ability to control server access by TCP/IP address as well as SNA device names. Other enhancements include specification of object level security for any file system apart from OS/400 resource security; control of read, write, manage, and execute authority for objects or entire directory trees; and control of uploads and downloads via predefined PentaSafe research groups.

Last week's VSA for iSeries announcement also included new releases and enhancements to PSAudit and PSDetect.

PSAudit 5.4 features new baseline capabilities that give security administrators 11 new reports designed to provide greater insight into how object authorities and user resources are being utilized. Administrators are able to call on reports that show current resource allocations and how they compare to rules and exceptions set by the administrator for areas including job descriptions, user profiles, directories, folders, and libraries. Other new reports log network transactions by date/time, user, function, server, and incoming source address. Lastly, a new iSeries Management Summary Report uses a red-yellow-green scorecard system to show whether certain areas are in compliance with predefined rules.

PSDetect 2.2 now allows the utility to work with Simple Network Management Protocol management consoles. The utility is able to send SNMP traps to any SNMP management consoles that are able to receive SNMP traps, such as those from Tivoli and Computer Associates. This new feature enables companies to configure PSDetect to send alerts to SNMP management consoles.

VSA for iSeries components can be deployed with or without the VigilEnt Security Manager, PentaSafe's Windows-based central security console. VSM serves as the hub for PentaSafe's growing stable of agents for a variety of products, which, at this writing, includes Linux on iSeries, Windows 2000/NT, various Unix implementations, Novell NetWare, and a host of database management systems, Web application servers, applications, and firewalls.

PSSecure, PSAudit, and PSDetect are available separately or packaged together in VSA for iSeries at a discount. Starting April 1, PSPasswordManager, which allows OS/400 administrators to view and control their users' weak and easily guessed passwords, will also be included in the suite.

Pricing for VSA for iSeries is tier-based and starts at about $9,000 for the P05 processor group, which includes a license for 300 users. PentaSafe also offers another bundle including VSM and the VSA for Linux on iSeries for $6,995. VSA for Linux on iSeries by itself goes for $1,995. For more information visit PentaSafe's Web site at

Please note that this article has been edited since its original publication to correct the pricing information for the VSM and VSA bundle for Linux on the iSeries and for the VSA for Linux on iSeries product as a standalone purchase. Guild Companies regrets the error. [Correction made March 18, 2002]

Sponsored By

In light of IBM's recent departure from the thin client market, signified by the discontinuation of the thin NetVista™, a large group of users are wondering where to turn for thin client solutions. More and more companies are now discovering one of the industry's most innovative thin clients: the YEStation from Affirmative Computer Products.

Affirmative designs, develops and supports enterprise-strength YEStation thin client systems, including keyboard, display and printer products for use with IBM midrange and mainframe systems. A broad range of models and options are available to accommodate a diversity of computing needs. From large corporate environments, to healthcare and manufacturing organizations, YEStations can be customized to help companies of all kinds realize the benefits of lower Total Cost of Ownership (TCO).

Key features:

  • Compact size and flexible mounting options suitable for all types of uses and environments. Under the desk, on a vertical bulkhead, or secured to the top of a work surface--whatever is most convenient.
  • Powerful Central Management Software allows configuring and updating units over the network. Centralized, shared application software means you can update thousands of users in minutes without leaving your desk.
  • Linux and Windows CE versions available.
  • Durable 122-keyboards for productive switching between host and local application programs. Models available in 5250 and 3270 layouts.
  • Support for touchscreen monitors makes the YEStation the perfect warehouse or factory floor device.
  • Linux based terminal (LBT) version can be used as Lotus Notes email client.

Affirmative backs every system and peripheral it sells with the service and support necessary to keep your enterprise running at peak efficiency. To learn why Affirmative's YEStation is the premier thin client computing solution, call 888-353-5250 or visit

SoftLanding Systems
BCD Int'l
Affirmative Computer
Microsoft, IBM Slapped with Antitrust Lawsuits
IBM Puts Out, Then Withdraws Updated DASD Fixpack
OS/400 Shops Featured in iNation Server Consolidation Chat
IBM Readies Beta One of iSeries Access for Web Middleware
PentaSafe Allows "What If?" Testing for OS/400 Security
Admin Alert: Switching Between 80- and 132-Character Mode in Express PC5250
Lakeview Technology Adds Business Partners
As I See It: Manipulating Money
TFH Flashback: Decree Settlement Delayed but Possibly Broadened
TFH Flashback: After 40 Years, the Consent Decree Is Lifted
  Newsletters | Subscribe | Advertise | About Us | Contact | Search | Home  
  Last Updated: 3/17/02
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.