• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Bsafe Puts a Smack Down on Rouge IP Traffic

    September 11, 2007 Alex Woodie

    Earlier this month, Bsafe Information Systems introduced a new security product that provides IP packet filtering for System i servers. Called IP Packet Lockdown, the new product gives users more control over exactly which IP addresses, and through which ports, are allowed access to the system. The new product will provide another layer of security, especially when coupled with i5/OS’s exit-point security.

    IP packet filtering is a security technique that is often used inside firewalls to block unwanted Internet traffic. It’s a platform-neutral technology that doesn’t have anything to do specifically with the System i server, but it can be as useful in protecting System i servers as any other server. IBM offers IP packet filtering as one of the configurable options through iSeries Navigator, but it hasn’t been adopted much by third-party security software vendors, who have been more focused on technologies that are specific to OS/400 and i5/OS, namely exit points.

    While IP packet filtering is relatively unknown in the System i world, being relegated to the “network guys,” Bsafe doesn’t see any reason why IP packet filtering shouldn’t be implemented and controlled with the same security software used to lock-down the most sensitive server in System i shops–the System i itself. To that end, Bsafe launched IP Packet Lockdown, which functions as an add-on to Bsafe’s flagship product, Bsafe/Enterprise Security.

    IP Packet Lockdown controls Internet traffic through a series of granular rules governing exactly how Internet traffic will be allowed onto the System i server, as well as how Internet traffic will be allowed to depart. The main parameters used to configure the rules are source IP address and port, and destination IP address and port. If the address and port do not match what is allowed, IP Packet Lockdown blocks the data before it even reaches the port. As such, it functions largely above the operating system.

    Bsafe tried to simplify the IP packet filtering configuration process by allowing rules to be set up for ranges of IP addresses and ports. IP addresses and ranges can also be augmented with descriptions like “Bob’s PC” or “main building,” which makes it easier for administrators to recognize specific resources. After all, keeping track of hundreds or thousands of long IP address and what they represent can be a mind-numbing task.

    IP Packet Lockdown executes rules in numerical order, which means the most general rules should be listed first, followed by the more specific, restrictive rules. Rules can be enabled or disabled at any time. The software also logs all IP activity for later analysis through Bsafe/Enterprise Security Manager’s Windows-based GUI client or the product’s native green-screen interface. The data can also be off-loaded to Bsafe’s Cross-Platform Audit (CPA) product, which combines security information from various platforms, including i5/OS, mainframe, Windows, AIX, and Linux, for more detailed analysis.

    IP packet filtering can provide a valuable service to System i shops, even those that have invested in other forms of network security protection, such as object-level security and exit-point security. When requests arrive via generic user profiles, such as QTCP, it can be difficult to determine the exact nature of the request. In these cases, tracing the actual source of the network request, such as through IP packet filtering, can be very useful in saying whether a user request is legitimate or poses a security threat.

    Of course, because it lacks detailed information about the request, such as the user name of the requestor, IP packet filtering is limited in its usefulness. But in combination with other forms of protection, it can be very useful.

    “It is a first-level of defense,” says Bsafe spokesman Neil Leigh. “IP packet filtering is done at a different phase of the request’s path to its destination, when compared to exit points. It is intercepted the moment the request arrives at the System i port, before the OS/400-specific information is known.” Similarly, if it is an outgoing request, it is intercepted just before being transmitted to the port.

    The combination of packet filtering and exit point protection makes Bsafe/Enterprise Security stronger, says Shimon Bouganim, Bsafe’s CEO. “With Bsafe’s new IP Packet Lockdown, we are the only company providing double protection and double auditing in one package,” he says.

    IP Packet Lockdown is available now. The product requires Bsafe/Enterprise Security version 5.5.2 or higher. Pricing ranges from $2,000 to $10,000. For more information, visit www.bsafesolutions.com.

    RELATED STORIES

    Bsafe Introduces Cross-Platform Auditing

    Bsafe Launches Security Policy Compliance Manager



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    WorksRight Software

    Do you need area code information?
    Do you need ZIP Code information?
    Do you need ZIP+4 information?
    Do you need city name information?
    Do you need county information?
    Do you need a nearest dealer locator system?

    We can HELP! We have affordable AS/400 software and data to do all of the above. Whether you need a simple city name retrieval system or a sophisticated CASS postal coding system, we have it for you!

    The ZIP/CITY system is based on 5-digit ZIP Codes. You can retrieve city names, state names, county names, area codes, time zones, latitude, longitude, and more just by knowing the ZIP Code. We supply information on all the latest area code changes. A nearest dealer locator function is also included. ZIP/CITY includes software, data, monthly updates, and unlimited support. The cost is $495 per year.

    PER/ZIP4 is a sophisticated CASS certified postal coding system for assigning ZIP Codes, ZIP+4, carrier route, and delivery point codes. PER/ZIP4 also provides county names and FIPS codes. PER/ZIP4 can be used interactively, in batch, and with callable programs. PER/ZIP4 includes software, data, monthly updates, and unlimited support. The cost is $3,900 for the first year, and $1,950 for renewal.

    Just call us and we’ll arrange for 30 days FREE use of either ZIP/CITY or PER/ZIP4.

    WorksRight Software, Inc.
    Phone: 601-856-8337
    Fax: 601-856-9432
    Email: software@worksright.com
    Website: www.worksright.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    HiT Software:  DBMoto performs real-time as well as snapshot data replication
    COMMON:  Join us at the annual 2008 conference, March 30 - April 3, in Nashville, Tennessee
    NowWhatJobs.net:  NowWhatJobs.net is the resource for job transitions after age 40

    IT Jungle Store Top Book Picks

    The System i Pocket RPG & RPG IV Guide: List Price, $69.95
    The iSeries Pocket Database Guide: List Price, $59.00
    The iSeries Pocket Developers' Guide: List Price, $59.00
    The iSeries Pocket SQL Guide: List Price, $59.00
    The iSeries Pocket Query Guide: List Price, $49.00
    The iSeries Pocket WebFacing Primer: List Price, $39.00
    Migrating to WebSphere Express for iSeries: List Price, $49.00
    iSeries Express Web Implementer's Guide: List Price, $59.00
    Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
    Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
    Getting Started with WebSphere Express for iSeries: List Price, $49.00
    WebFacing Application Design and Development Guide: List Price, $55.00
    Can the AS/400 Survive IBM?: List Price, $49.00
    The All-Everything Machine: List Price, $29.95
    Chip Wars: List Price, $29.95

    .NET Apps, WebSphere Portal, and Linux Servers in the Same Sandbox Reuse Deleted Records? *YES!

    Leave a Reply Cancel reply

Volume 7, Number 34 -- September 11, 2007
THIS ISSUE SPONSORED BY:

New Generation Software
LANSA
COMMON
ARCAD Software
RJS Software Systems

Table of Contents

  • Sentillion Aims for Low Cost, Ease-of-Use with SSO Product
  • Vaulting Over Backups: The Pros, Cons
  • Bsafe Puts a Smack Down on Rouge IP Traffic
  • Raz-Lee Eases Compliance with Update to iSecurity
  • EPI Now Distributing CenturioDB Tool
  • Logistics Company Adopts MIMIX from Vision Solutions
  • IBM Completes DataMirror Acquisition
  • Jack Henry Taps HealthEquity for Administration of Medical Accounts
  • InfoPrint Solutions Forms Developer Program for AFP Testing
  • IBM Spreads the developerWorks Love Through New ‘Gizmos’

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • Big Blue Raises IBM i License Transfer Fees, Other Prices
  • Keep The IBM i Youth Movement Going With More Training, Better Tools
  • Remain Begins Migrating DevOps Tools To VS Code
  • IBM Readies LTO-10 Tape Drives And Libraries
  • IBM i PTF Guide, Volume 27, Number 23
  • SEU’s Fate, An IBM i V8, And The Odds Of A Power13
  • Tandberg Bankruptcy Leaves A Hole In IBM Power Storage
  • RPG Code Generation And The Agentic Future Of IBM i
  • A Bunch Of IBM i-Power Systems Things To Be Aware Of
  • IBM i PTF Guide, Volume 27, Numbers 21 And 22

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2025 IT Jungle