• The Four Hundred
    CXL Debuts iSeries Security Reporting Tool

    January 25, 2005 Alex Woodie

    English developer CXL unveiled a new software utility this month called AZScan that tells users how security settings have been configured on their OS/400, Unix, or OpenVMS midrange systems. In addition to revealing what the actual security settings are, the sub-$500, PC-based AZScan also provides an explanation of settings and recommends ways to make them more secure.

    AZScan is actually three products in one, and a license to AZScan gives users the right to run security scans with any of the individual products, which include AScan (OS/400 V4R4 and later), VScan (for HP/DEC Alpha/VAX systems), and UScan (for 75 different Unix variants). OS/400 shops that don’t need the other two products can just ignore them.

    The AZScan products are intended to be used periodically, to gauge the relative strength or weakness of a server’s security settings. Each time an AZScan product is used, it generates a report that tells users the exact state of the security settings for the particular operating system, explains each setting, and recommends how to improve it.

    Two different types of reports are provided for each product. The zipped Word file and HTML files are basically identical and provide detailed information about every security setting, whereas the “heat map” report generates a numeric score based on how the server rated in the various areas, which are weighted according to the risk they can pose to security.

    The HTML and Word reports make liberal use of color-coding that tells administrators which areas of the system are at low, medium, and high risk. For example, if the system is set to disable a user profile after five unsuccessful sign-in attempts, the report will highlight this area of the report in yellow, for medium risk, and recommend that the administrator lower this number to three unsuccessful sign-in attempts before disabling the user profile. There are also numerous charts and graphs for various security-related settings, such as the distribution of authorities among user profiles, the number of days required between password resets, and so forth.

    The AScan component checks 53 different security-related settings in OS/400. These are broken down into eight main areas: system, auditing, system passwords, users, sign-on controls, special authorities, groups, and user passwords. Explanations and recommendations are provided for each of the settings. The UScan component checks 74 security settings on all major (and many minor) Unix operating systems, and VScan checks 89 settings on OpenVMS Versions 7.1 through 7.3.

    Setting up AScan to run is a matter of copying two files, the System Profile file and the User Profile file, from an OS/400 server onto the PC equipped with AScan. (The techniques for other operating systems are similar.) Both of these files can be generated using fairly simple commands provided by the vendor. Setup and use of the AScan, VScan, and UScan products are handled through a fourth component of AZScan, called the Controller.

    Proficient administrators can get the same information gathered by AZScan without spending any money. But AZScan does the grunt work of gathering the data into a single report, and does a good job of generating colorful and insightful reports that are easier to digest, particularly for auditors who may be unfamiliar with the system.


    CXL developed AZScan to run on Windows PCs, as opposed to running directly on the host systems, to minimize the impact on the monitored system, says David Robinson, CXL’s chief executive. “The main idea behind the tool was to have something which was free standing and remote from the systems it was reviewing so that it could not crash a live system or even affect the performance,” he says.

    London-based CXL worked with a major U.S. investment firm and an OS/400 security software company in the development of AZScan, Robinson says. “Our aim has been to produce a simple to use product which will find your security issues, explain the implications of these problems, and recommend solutions. All this is done in the context of your security policy and the many regulatory conditions which are now imposed on business,” he says.

    Although pricing hasn’t yet been nailed down, Robinson says a one-year license for AZScan will likely be about $440, with five free “runs,” or reviews, which can be used with any of the three products. Additional runs can be bought at about $35 each, or less for bulk purchases. For more information and downloads, go to www.cxlsecure.com.

Volume 5, Number 4 -- January 25, 2005
Copyright © 2021 IT Jungle
