• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Raz-Lee Cracks Down on CL Commands with New Software

    July 24, 2012 Alex Woodie

    Raz-Lee Security this month unveiled a powerful new IBM i security tool that gives administrators the power to prevent users from issuing control language (CL) commands. The new product, called Command, is the most complete CL control product on the market, the company claims.

    Securing IBM i servers can be a complex process that requires taking several different approaches. Exit points must be monitored to ensure no untoward activity is taking place via FTP or another network access route. Authority levels must be properly configured and continuously watched. Encryption, journaling, and passwords are other areas to consider.

    But one area that has been tough to crack down on is CL commands. For experienced users and administrators, CL commands are quick and powerful ways to accomplish tasks. In the hands of a rouge user, however, the CL prompt can be a dangerous gap in the security net surrounding the IBM i server.

    Several security software vendors offer tools to help reign in CL abuse. However, they don’t go far enough to crack down on CL use, Raz-Lee CEO Schmuel Zailer said during the recent COMMON conference in Anaheim, California, where he talked about the forthcoming product launch. A clever user could easily mask his intentions by hiding CL commands within other commands and CL programs, and the other CL-blocking tools don’t address this, he said.

    The new Command product addresses this by analyzing each CL command, including, its parameter, origin, and context (i.e. the program which initiated the CL command), not to mention the user. “Command is the only product that has the ability to refer, for analysis or change, to each part of a complex parameter separately, as well as to the parameter as a whole,” the company says in a press release.

    When Command is turned on, it will reject or allow any IBM or user-defined CL command. It will also initiate alerts by e-mail, syslog, and Twitter. Security administrators can modify the software based on an element, a qualifier, an entire parameter, or the CL command itself, the company says. All product activity is logged, and reports can be automatically generated and distributed as PDF or HTML documents via email.

    The product provides an extensive log via a full Report Generator and Scheduler, and e-mails HTML and PDF reports. The product is a component of Raz-Lee’s iSecurity suite.

    The new product answers requests from Raz-Lee customers for a “firewall” type product for CL commands, says Eli Spitz, the company’s vice president of business development. “Command’s … features, such as the ability to display the program library as well as the programs in the program stack when the command was issued, are market-unique features which add to the usefulness and benefits of the product,” he stated in a press release.

    Command is available now. Pricing is tier-based and ranges from $2,500 to $9,500. For more information on the product see the company’s website at www.razlee.com.

    RELATED STORIES

    Raz-Lee Unloads New Products at COMMON

    Raz-Lee Claims IBM i Data-Access Breakthrough with DB-Gate

    Raz-Lee Feeds IBM i Data into RSA SIEM

    Raz-Lee Unveils GUI for IBM i Journal Security Tool

    Raz-Lee Gets the Twitter Bug

    Imperva and Raz-Lee Team Up for DB2/400 Security Software

    Raz-Lee Adds Object-Level Security to i OS Security Suite



                         Post this story to del.icio.us
                   Post this story to Digg
        Post this story to Slashdot

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Focal Point Solutions Group

    Comprehensive Data Protection from Focal Point SG

    Your organization needs to be thinking differently about your backup & disaster recovery strategy

    Concerns of the Industry

    • Inefficient manual backup processes
    • Effectively storing data offsite
    • Developing and testing a concrete disaster recovery plan
    • Efficient access to data in a disaster scenario for necessary users
    • Risk of cyber security attack
    • Declining IT staff and resources

    The true cause of the above concerns is an organization’s status quo – 80% of IBM i users currently backup to tape and 40% of companies have no DR plan at all. Don’t wait for a disaster to take action.

    The new way to ensure cost-effective safety

    • Automated cloud backup
    • Two (2) remote sites – redundant storage, power, internet pipe, firewalls, etc.
    • Data encryption at all times – in-flight and at-rest
    • Fully managed remote hardware DR, including remote VPN access for necessary users
    • Regularly simulated phishing tests and cyber security training

    Potential “landmines” in solutions to avoid

    • Single point of storage – no redundancy
    • Misleading data analysis, compression/de-dup ratios, sizing of necessary computer resources for backup and DR
    • Large-scale cloud storage with difficult recovery
    • Inability to meet RTO/RPO

    Don’t get caught like the many organizations we’ve seen with inefficient exposed backup data and no DR plan!

    What VAULT400 has to offer

    Backup

    • Native software agent schedules backups to the Focal Point SG cloud based on your retention scheme
    • Client data is backed up to two data centers in US or two data centers in Canada
    • 256-bit AES encryption in-flight and at rest – only the client has the encryption key
    • Detailed data analysis to ensure proper sizing

    Disaster Recovery as a Service (DRaaS)

    • Focal Point SG provides “hands-off” DR – fully managed recovery
    • 60 days of remote VPN access available to unlimited users in event of a disaster
    • Documented reports to ensure defined SLAs are met

    Managed Service Cyber Security Training

    • Fully managed phishing tests
    • Detailed reporting of results
    • Fully managed administration of custom online cyber security training

    VAULT400 Cloud Backup & DRaaS is an IBM Server Proven Solution.

    VAULT400.com/proposal for FREE analysis & proposal

    813.513.7402 | ContactUs@FocalPointSg.com

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    Townsend Security:  View the recorded Webcast: Secure Managed File Transfers for the IBM i
    Help/Systems:  FREE: Download the IBM i Scheduling Survival Guide
    Abacus Solutions:  More affordable and flexible alternatives to deliver secondary workloads

    IT Jungle Store Top Book Picks

    BACK IN STOCK: Easy Steps to Internet Programming for System i: List Price, $49.95

    The iSeries Express Web Implementer's Guide: List Price, $49.95
    The iSeries Pocket Database Guide: List Price, $59
    The iSeries Pocket SQL Guide: List Price, $59
    The iSeries Pocket WebFacing Primer: List Price, $39
    Migrating to WebSphere Express for iSeries: List Price, $49
    Getting Started with WebSphere Express for iSeries: List Price, $49
    The All-Everything Operating System: List Price, $35
    The Best Joomla! Tutorial Ever!: List Price, $19.95

    IBM i Tech Conference Keeps Education Light Burning Is An RPGOA-like Standard For HTML5 On The Horizon?

    Leave a Reply Cancel reply

Volume 12, Number 20 -- July 24, 2012
THIS ISSUE SPONSORED BY:

looksoftware
SEQUEL Software
HiT Software
Tembo Application Generation
RJS Software Systems

Table of Contents

  • CYBRA Completes Forms Journey with MarkMagic 8
  • Jumping Hurdles From Green Screen to Graphical
  • Software AG Maintains Investment in Jacada Tools
  • Raz-Lee Cracks Down on CL Commands with New Software
  • Robot/NETWORK Now Displays Performance Data
  • Emulator Vendors Begin March Toward Windows 8
  • Go Bankrupt, Get Free Software
  • IntelliChief Lands More Infor Customers
  • Zend Releases Hotfix Update for IBM i PHP Stack
  • Introducing the IBM Intranet Experience

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • IBM i Has a Future ‘If Kept Up To Date,’ IDC Says
  • When You Need Us, We Are Ready To Do Grunt Work
  • Generative AI: Coming to an ERP Near You
  • Four Hundred Monitor, March 22
  • IBM i PTF Guide, Volume 25, Number 12
  • Unattended IBM i Operations Continue Upward Climb
  • VS Code Is The Full Stack IDE For IBM i
  • Domino Runs on IBM i 7.5, But HCL Still Working on Power10
  • Four Hundred Monitor, March 6
  • IBM i PTF Guide, Volume 25, Number 11

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2023 IT Jungle