Raz-Lee Ships New iSeries Security Software
June 7, 2005 Alex Woodie
Raz-Lee, the Israeli developer of OS/400 security tools, has issued new releases of several products this spring. A new release of the Firewall+++ product provides finer-grain control over users’ access to iSeries resources, while Raz-Lee’s auditing software gains real-time monitoring capability, as well as integration with the company’s screen capture tool.
It’s been said over and over, but it bears repeating, if only to educate new iSeries users, or to pester old hands into (finally!) taking security seriously: While the iSeries is an extremely secure server, it has security holes big enough to drive a Mack truck through if not configured correctly. Protocols such as TCP/IP, FTP, and ODBC help form the backbone of modern B2B commerce, but they bypass OS/400 traditional command-line security provisions, and can be the pathway through which outside users execute commands, download data, or even delete files, if these exit points are not locked down.
Raz-Lee’s Security+++ suite is one of several third-party toolsets on the market that can help you lock down your OS/400 server and make it bulletproof, from a security point of view. The suite includes eight modules: Firewall+++, Screen+++, Password+++, Audit+++, Action+++, Capture+++, View+++, and Visualizer+++. The modules can be implemented together or separately, and can each be accessed from a native greenscreen or a Java GUI; there are also iSeries Navigator plug-ins available for the modules, enabling use through IBM‘s graphical systems management console.
The heart of the Security+++ suite, Raz-Lee’s Firewall+++, provides traditional firewall functionality, such as incoming and outgoing TCP/IP address filtering. But it goes beyond what is normally associated with a firewall, and provides OS/400-specific capabilities, including governing access to OS/400 objects, controlling what actions users can take, and–perhaps most importantly–protecting those OS/400 exit points.
In April, Raz-Lee unveiled a new release of Firewall+++, version 11.1. With this release, the company provided more fine-grained control over users, including new sign-on features that allow the administrator to limit each user’s access to telnet, to specific IPs, and to specific terminals. The new release also allows administrators to revoke or enable certain IP addresses to run certain commands against the database, including SQLENT, SQL, NDB, and OBJINF commands.
Another key member of the Security+++ suite is Audit+++, which enables administrators to monitor user activities and object access in real-time. Audit+++ keeps an activity log, against which administrators can run more than 80 pre-canned reports, to get a sense of long-term trends. Raz-Lee says using its GUI makes it easier for users to manage the large number of system values and parameters involved in OS/400, and is preferable to using OS/400’s native auditing features, which it describes as “notoriously slow and inefficient.”
With Audit+++ version 6.0, which was released in March, Raz-Lee added several new capabilities, including real-time auditing of message queues. Raz-Lee says this new feature gives administrators the option to modify their auditing rules according to all the message queue parameters. Version 6.0 can also automatically generate a response to the message, alert the administrator via e-mails or SMS, or react to it directly.
Audit+++ version 6.0 also features new integration capabilities with Capture+++ 6.0, the new release of Raz-Lee’s surveillance tool for capturing users’ OS/400 screens, for regulatory compliance and technical support purposes. With the version 6.0 releases of these products, administrators gain the capability to see the captured screen of a certain job from the Audit+++ log. Conversely, administrators looking at a captured screen can see the Audit+++ log of the job.
Raz-Lee introduced Capture+++ in the spring of 2004 to fill the need for screen monitoring software that helps companies comply with new regulations in the banking, insurance, and healthcare industries. The software can be programmed to capture screens when certain criteria are met, such as a certain IP address or user ID is used, or users are logging on at a certain time of day. Screen captures and all associated job logs and CL programs can be viewed through a display. A text search facility is also included.
Raz-Lee also introduced Action +++ 6.0 in March, but no details of this new version were available at press time.
Raz-Lee, which got its start selling the FileScope reporting tool for OS/400, says it has more than 10,000 installations around the world. Its products are distributed in the United States, where the company is working to develop a presence through a partnership with Cybra, a Yonkers, New York, developer of OS/400 barcode software.