CCSS Targets Security Issues in ‘Best Practices’ Guide

January 18, 2011 Alex Woodie

Systems management software firm CCSS has written a new best practices guide aimed at enlightening administrators about the ramifications of security breaches in the IBM i OS. The four-page paper encourages admins to think not only about the data lost to cyber criminals eager to hack their systems, but also about unintended security breaches hurting system availability.

One doesn’t usually think of CCSS as a security software company. After all, the U.K. firm’s main field of expertise is systems management and monitoring of IBM i servers, not exit points or users with ALLOBJ authority. Keeping the server running efficiently with the least amount of effort is the bailiwick for CCSS, which only recently started delving deeper into IBM i security issues, such as with its support for security audit journals in its QMessage Monitor (QMM) offering.

But with its new paper, titled “The Ghost in the Machine,” CCSS draws a convincing line connecting good systems management with solid security practices. In many situations, the first line of defense following a security breach is a monitoring tool that can detect the problem.

For example, CCSS cites one case of an American logistics company that experienced a security breach. The company, which didn’t know its system was compromised, was forced to spend lots of money to activate additional capacity on its System i server when it was unable to detect the cause of a runaway job. Better systems management and monitoring could have kept the customer more informed on the state of the system, saving it money.

It comes down to covering “hot spots” of risk in a System i environment, says CCSS product manager Paul Ratchford.

“When we talk about security issues, it’s not just a malicious threat from the outside,” he says. “It also includes situations that breach internal protocols that are not driven by any sort of sinister motivation and also, the circumstances that can leave the system vulnerable to attack, whether one occurs or not. The guide aims to assess these common areas of risk exposure and offers solutions to eliminate them.

To download the new best practices guide, go to www.ccssltd.com/resources/best-practice.php.

Sponsored By
LINOMA SOFTWARE

Secure File Transfers and Encryption Solutions - GoAnywhere Suite

GoAnywhere Director is a secure file transfer solution with features to support the most demanding environments. GoAnywhere Director streamlines and secures the exchange of data with your customers, trading partners and servers. It allows your organization to consolidate all of its data transmission and processing needs under one solution with a single point of control and administration. With GoAnywhere Director, clients are saving significant time and money by eliminating the custom programming and manual steps traditionally required for moving data.

Key Benefits include:
  • Simplifies and automates FTP processes
  • Connects to secure FTP servers (SFTP and FTPS) for protected communication
  • Encrypts and decrypts files using Open PGP encryption standard
  • Compresses and decompresses files using ZIP, GZIP, and TAR standards
  • Translates data to/from database tables, Excel, XML, Delimited text, and Fixed Width file formats
  • Provides a comprehensive built-in scheduler
  • Produces complete logging reports
  • Includes integrated Key Management tools

GoAnywhere Director can be installed onto IBM System i, IBM System p (AIX), IBM System z (Mainframe), Windows, Linux, UNIX, HP-UX, Mac OS and Solaris platforms.

GoAnywhere Services is a secure file server that allows trading partners (both internal and external) to securely connect to your system and exchange files within a fully managed and audited solution. Popular file transfer and encryption standards are supported without the need for proprietary client software.

Key Benefits include:
  • Installs onto most platforms including Windows, Linux, IBM i, AIX, UNIX and Solaris
  • Provides an intuitive browser-based interface for remote administration and monitoring
  • Includes trading partner account management with permission controls
  • Supports standard transfer protocols of FTP, SFTP, FTPS, HTTP and HTTPS
  • Secures transmissions with SSL/TLS or SSH encryption
  • Automatically processes files based on user-defined trigger events
  • Provides an optional web client for browser-based file transfers
  • Generates detailed audit logs and alert messages
  • When integrated with GoAnywhere Gateway (Reverse Proxy Server for the DMZ), no sensitive
     information (files, users, passwords, certificates, etc) is stored in the DMZ and no inbound ports
     need to be opened into the private (internal) network.

To download a free trial of the GoAnywhere Suite visit:
www.GoAnywhereMFT.com

Rising Spending Tide Finally Raises the SAP Boat A Reusable Routine for Doubly-Linked Lists, Part 1

Table of Contents

Recent Posts

Subscribe

Pages

Search