Kisco Locks Down IBM i Security Tool

Kisco Information Systems last week unveiled SafeNet/i 9.0, a new version of its IBM i network security tool, which used to go by the name SafeNet/400. The new version uses IBM journaling to keep irrefutable logs of system activity. Other areas of enhancement include support for new IBM exit points, IFS object checks, user profile security, and a GUI redesign.

SafeNet/i is a network security tool that uses IBM exit points to lock down potentially dangerous routes of access to the IBM i server, such as ODBC and FTP connections. It has been said over and over again, but it’s worth repeating: IBM i shops that don’t take precautions to lock down these exit points are taking a big risk of unauthorized access to their IBM i servers.

SafeNet/i keeps a log of all IBM i exit point activity, as is customary with powerful tools used by security administrators. With Version 9.0, Kisco now gives the customer the option of logging activity to an IBM i journal; previously, customers could only log to a database file. This gives customers the capability to create a baseline of historical activity, which auditors will appreciate, since IBM i journal contents can’t be changed.

In addition to storing network activity logs to an IBM i journal, the new version also uses journals to store any configuration changes that have been made to the SafeNet/i product itself. This is important for tracking down who made changes to the security tool and when.

Version 9.0 implements a check for a new exit point, Spooled File Security, which was introduced by IBM with version 7.1 of the IBM i OS. This new exit point check gives customers better control over network access to spooled files on the IBM i platform. Multiple levels of access control limit access to specific output queues and to authorized users.

Kisco has also added a new scanning method for checking on object level security in the IFS. The company says that SafeNet/i previously conducted these tests by scanning the IFS path name from right to left. Now it’s scanning IFS path names from left to right. The company has also expanded path name lengths to 512 characters.

The product’s green-screen interface has been completely redesigned with version 9. Kisco says it has grouped similar functions to make working with menus easier. It has also included frequently used options with all menus.

SafeNet/i version 9 also shows an administrator the specific fields that changed when user profiles are changed. It also gives administrators more control over limiting the use of SQL, FTP, and Telnet access to the IBM i server.

SafeNet/i is available in four versions, including lite, basic, advanced, and enterprise packages. For more information, see the company’s website at www.kisco.com.

RELATED STORIES

Kisco Adds Digital Signatures to Spool-to-PDF Tool

Kisco Hooks WebReport/400 to Apache for Intranet Serving

Kisco User Auditing Tool Casts a Wider Net

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot