• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Help/Systems Launches Comprehensive Security i5/OS Suite

    August 28, 2007 Alex Woodie

    When Help/Systems set out 15 years ago to develop a suite of systems management tools for the AS/400, the company always intended for a security tool to be part of the mix. Now, the Minneapolis-area company is making good on that commitment with this week’s launch of Robot/SECURITY, a collection of five security modules that help protect System i servers from internal as well as external threats.

    For a version 1.0 release, Robot/SECURITY offers a surprisingly comprehensive array of i5/OS security capabilities. The product offers the obligatory network security through server exit point monitoring, while the audit reporting feature enables users to see how their i5/OS security configurations shape up compared to SOX, PCI, HIPAA, and COBIT standards. Another module is dedicated to keeping constant watch over changes through QAUDJRN, the operating system’s security audit journal.

    These are basic vanilla offerings that customers can find in a range of existing i5/OS security products. But Robot/SECURITY comes with two additional modules that offer more cutting-edge capabilities, including a profile swap feature that barricades users from powerful user profiles, and a graphical forensics analysis utility that lets managers dive deeper into activities that may have an effect on the security of the system. While users can find these capabilities in other products, Robot/SECURITY is the only offering to include all of these capabilities in a single product.

    Let’s start with the exit point monitoring feature of Robot/SECURITY. Exit point monitoring is critical on the System i to ensure that users can’t bypass the platform’s strong security controls by accessing the server over network services like FTP or ODBC. Without exit point monitoring in place, there is a giant, gaping hole in the security of network-enabled System i servers.

    Robot/SECURITY monitors only server exit points, such as FTP, ODBC, JDBC, Telnet, SQL, and others. The product offers a rich array of configuration options, including the capability to restrict access to exit points by users, groups of users, and certain user profiles, as well as by objects. Managers can set up the product just to log exit point activity, and then lock down access later on. It also includes reports, scheduling options and the capability to set up exceptions for holidays, in addition to many other options.

    The product’s security audit module is designed to help managers through the complicated process of setting up System i security, continually monitoring security settings, and seeing how the settings stack up against industry standards. The product looks at various settings, including user, library, and object authority levels; general system settings such as Access Control Lists, and job descriptions and workstation entries. Managers are advised to periodically run various audit reports, which give a pass or fail grade based on how it compares to the initial security settings; they can then “drill down” into the reports to see what specifically needs fixing.

    By monitoring all the entries written to the QAUDJRN, Robot/SECURITY is able to keep a real-time eye on System i security and give the manager a head-start on potentially damaging security events. This module watches the QAUDJRN for events that could signify a security breach (or a failed attempt to breach security), such as password failures, authority failures, or changes to user profiles or security settings. By hooking into other Help/Systems products, including Robot/ALERT or Robot/NETWORK, system administrators can make sure that events are dealt with swiftly.

    But by running the Profile Exchange module of Robot/SECURITY, customers can forestall many of the common security problems befalling iSeries and System i users. Profile Exchange eliminates the need for users to run with powerful user profiles, such as ALLOBJ and QSYSOPR, which give users unfettered access to very powerful capabilities on the server. By allowing users to temporarily swap into powerful user profiles when they need them–as opposed to running under the powerful user profiles on an everyday basis–Profile Exchange can minimize the risk of an internal security breach.

    Administrators can use the product’s profile mapping feature to set up users’ alternate accounts. The feature can be set up to allow users to swap into more powerful profiles by several means, including on an individuals basis, by lists of users, and by primary and supplemental groups; separate controls can be set for user profile swapping for interactive versus batch. Integration with Robot/NETWORK ensures profile swapping works with more than one System i server, while reporting features let managers see who swapped into their powerful profiles, and when.

    While the product’s security audit module offers some analysis capabilities, managers can get a much broader picture of their server’s security posture from Robot/SECURITY’s Forensics Analysis Utility. In addition to gathering data from the QAUDJRN module, the Java-based tool brings in data from the QHIST log, the QSYSOPR message queue, other message queues, and other Help/Systems products, including Robot/ALERT, Robot/TRANSFORM, and Robot/REPORTS.

    The Forensics Analysis Utility addresses the age-old problem afflicting System i managers: separating the wheat from the chaff. “There are so many entries. What the heck do you do?” says Tom Huntington, vice president of technical services at Help/Systems. “What value is it when you have 10,000 adopted authority entries. What does that mean?

    With the Forensics capability, users can interrogate the system from several angles. “It interrogates several sources, and it pulls out things based on whatever selection criteria you set up. So you can see all the entries associated with jobs, with a date range, or with a user. Then there are more filters, so you don’t spend too much time.”

    Robot/SECURITY’s Forensic Analysis Utility gives administrators a powerful interface for detecting potential security breaches.

    Robot/SECURITY has been on the drawing board at Help/Systems for more than a decade. “It was part of the original Robot vision,” Huntington says. “At least 15 years ago, we came out with the Robot vision for the product line and security was always on that. And we’re finally completing that piece of the puzzle.”

    Over the years, many existing customers have asked when Help/Systems would finally ship the security product, Huntington says. “It would have been nice to have it out two years ago,” he says. “[But] I don’t think we’re too late in the marketplace. A lot of people have solutions that they’re not happy with.”

    Robot/SECURITY version 1.0 will become available for download from the Help/Systems’ Web site later this week. The product supports i5/OS V5R3 and V5R4, and ranges in price from $2,500 to $20,300. Like it does for all its products, Help/Systems offers a free 30-day trial download for Robot/SECURITY.

    Huntington is hosting a Webinar on Robot/SECURITY Thursday at 9 a.m. CDT. To sign up for the event, go to www.helpsystems.com/education/econferences_signup.html?econference=00000000840.



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Rocket Software

    Meet digital age demands while maximizing your IT investment.

    Future-proof your mission-critical applications with Rocket® Solutions for IBM® i that keep your business ahead of the curve.

    Learn More

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Krengeltech:  Compose, transmit and parse XML without ever leaving RPG
    COMMON:  Join us at the annual 2008 conference, March 30 - April 3, in Nashville, Tennessee
    NowWhatJobs.net:  NowWhatJobs.net is the resource for job transitions after age 40

    IT Jungle Store Top Book Picks

    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    SAP Gets Ready to Launch A1S Online Apps on September 19 PHP: An Easy Yet Powerful Language Syntax

    Leave a Reply Cancel reply

Volume 7, Number 32 -- August 28, 2007
THIS ISSUE SPONSORED BY:

Profound Logic Software
Vision Solutions
COMMON
Bytware
DRV Technologies

Table of Contents

  • Help/Systems Launches Comprehensive Security i5/OS Suite
  • Database Optimizing Goes Autonomic with New Tool from Centerfield
  • SkyView Opens Up Security Policy Product
  • NGS Brings Modern DB2/400 Query Development to BI Suite
  • Hong Kong Company Supports i5/OS with Backup Product
  • Valid Tech Supports Windows Terminal Services with Biometric Authentication System
  • InfoPrint Solutions Launches Two Color Printers
  • English Consultancy Launches Application Modernization Initiative
  • Homebuilder Taps LANSA for Lead Management System
  • Infor Updates i5/OS-Based Distribution Solution

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • POWERUp 2025 –Your Source For IBM i 7.6 Information
  • Maxava Consulting Services Does More Than HA/DR Project Management – A Lot More
  • Guru: Creating An SQL Stored Procedure That Returns A Result Set
  • As I See It: At Any Cost
  • IBM i PTF Guide, Volume 27, Number 19
  • IBM Unveils Manzan, A New Open Source Event Monitor For IBM i
  • Say Goodbye To Downtime: Update Your Database Without Taking Your Business Offline
  • i-Rays Brings Observability To IBM i Performance Problems
  • Another Non-TR “Technology Refresh” Happens With IBM i TR6
  • IBM i PTF Guide, Volume 27, Number 18

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle