BOS Adds Security Features to Emulation Products
March 29, 2005 Dan Burger
Security for iSeries 5250 emulation is getting a closer examination as companies are becoming wise to the fact that a majority of security breaches are internal rather than external. To address this issue, Better On-line Solutions (BOS) has enhanced its 5250 Client software, BOSaNOVA TCP/IP, with the added security of 128-bit SSL encryption, a centralized manager module, and single sign on. The new product is named BOSaNOVA Secure; however, existing BOSaNOVA TCP/IP users can also add the security features to their existing systems.
The SSL (Secure Sockets Layer) encryption uses a private key to encrypt data that is transferred over the SSL connection, which provides secure display and printer sessions by connecting to the iSeries SSL Telnet port 992.
The manager module centralizes monitoring and management of remote workstation client emulations and provides user-profile and user-authentication control, as well as allowing users to synchronize with a Windows server. For instance, after a user logs on to a domain, the manager module identifies where that workstation is and what its settings are. It provides the capability to manage many TCP/IP options such as image mapping, keyboard mapping, macros, SQL-based data file transfer, and many others. This management can be done at both the individual and group levels. The manager module is also a convenient tool for future updating of distributed copies of the BOSaNOVA Secure product, as well as a method for locking out user changes to the software.
The single sign on (SSO) capability adds a valuable benefit by allowing users to synchronize their Windows server and iSeries server authentication, which eliminates the need to memorize multiple user ID and password combinations. Based on a series of security tickets that are generated by the SSO process, when a user first logs on, he is automatically logged on to the prescribed iSeries access. SSO also allows multiple applications to be synchronized to one database, user ID, and password.
In a situation where a user needs to refresh a password every 30 days for security reasons, the domain password and other passwords need to change as well. Without SSO there are many login passwords for many systems. Several well-publicized studies have shown the administration of lost or forgotten passwords is an expensive procedure that cuts into productivity and profits. SSO also eliminates the tendency that people have to place sticky notes around their workstations to remind them of passwords, directions that non-authorized workers can also easily follow.
Single sign on, a desirable security feature built into OS/400 V5R3, is supported with Kerberos authentication and Enterprise Identity Mapping technologies. It is installable on Windows 2000/2003 servers with Active Directory and provides support for 9x/ME stations via MIT Kerberos, a second Kerberos standard that is found in some mixed environments.
In the real world, most IT administrators and staff are not yet up to speed on the implementation of single sign on. However, indications are that it is rapidly gaining popularity. Training is available through COMMON, IBM, and other sources.
The pricing for BOSaNOVA Secure in North America has yet to be announced. BOSaNOVA TCP/IP, without the security enhancements, sells for $155 per copy. For more information, visit www.boscorporate.com.