Raz-Lee Cracks Down on CL Commands with New Software

July 24, 2012 Alex Woodie

Raz-Lee Security this month unveiled a powerful new IBM i security tool that gives administrators the power to prevent users from issuing control language (CL) commands. The new product, called Command, is the most complete CL control product on the market, the company claims.

Securing IBM i servers can be a complex process that requires taking several different approaches. Exit points must be monitored to ensure no untoward activity is taking place via FTP or another network access route. Authority levels must be properly configured and continuously watched. Encryption, journaling, and passwords are other areas to consider.

But one area that has been tough to crack down on is CL commands. For experienced users and administrators, CL commands are quick and powerful ways to accomplish tasks. In the hands of a rouge user, however, the CL prompt can be a dangerous gap in the security net surrounding the IBM i server.

Several security software vendors offer tools to help reign in CL abuse. However, they don’t go far enough to crack down on CL use, Raz-Lee CEO Schmuel Zailer said during the recent COMMON conference in Anaheim, California, where he talked about the forthcoming product launch. A clever user could easily mask his intentions by hiding CL commands within other commands and CL programs, and the other CL-blocking tools don’t address this, he said.

The new Command product addresses this by analyzing each CL command, including, its parameter, origin, and context (i.e. the program which initiated the CL command), not to mention the user. “Command is the only product that has the ability to refer, for analysis or change, to each part of a complex parameter separately, as well as to the parameter as a whole,” the company says in a press release.

When Command is turned on, it will reject or allow any IBM or user-defined CL command. It will also initiate alerts by e-mail, syslog, and Twitter. Security administrators can modify the software based on an element, a qualifier, an entire parameter, or the CL command itself, the company says. All product activity is logged, and reports can be automatically generated and distributed as PDF or HTML documents via email.

The product provides an extensive log via a full Report Generator and Scheduler, and e-mails HTML and PDF reports. The product is a component of Raz-Lee’s iSecurity suite.

The new product answers requests from Raz-Lee customers for a “firewall” type product for CL commands, says Eli Spitz, the company’s vice president of business development. “Command’s … features, such as the ability to display the program library as well as the programs in the program stack when the command was issued, are market-unique features which add to the usefulness and benefits of the product,” he stated in a press release.

Command is available now. Pricing is tier-based and ranges from $2,500 to $9,500. For more information on the product see the company’s website at www.razlee.com.

RELATED STORIES

Raz-Lee Unloads New Products at COMMON

Raz-Lee Claims IBM i Data-Access Breakthrough with DB-Gate

Raz-Lee Feeds IBM i Data into RSA SIEM

Raz-Lee Unveils GUI for IBM i Journal Security Tool

Raz-Lee Gets the Twitter Bug

Imperva and Raz-Lee Team Up for DB2/400 Security Software

Raz-Lee Adds Object-Level Security to i OS Security Suite

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Tags:

Sponsored By
TEMBO APPLICATION GENERATION

It is extremely important to recognize that if your
installation has not yet adopted the SQL (DDL/SQE) engine
as your primary DB2 for i interface and is still primarily
using the ISAM (DDS/CQE) engine for database access,
you are using the leading high volume commercial OLTP
platform severely shackled and constrained.

Why SQL Engine?

1. The DB2 SQL engine has been the foundation of all developments and enhancements to IBM i
(and predecessors) since 2000.

2. In a highly competitive business environment it is all about AGILITY - the DB2 SQL engine enables that.

3. It offers up-to-date database documentation and access to leading database modeling tools.

4. It is the strategic database interface for the industry (standards compliancy).

5. It allows you to present a modern database to the outside world, and to your users, with meaningful
longer file (table) and field (column) names, which is a foundational requirement for Analytics.

6. It is the foundation for any real, lasting application modernization and agility responding to
DB change requests.

7. It ensures:
   • data integrity
   • improved Return on Investment
   • reduction in costs, speed to respond
   • massive increase in performance
   • openness
   • skills availability

How To Upgrade To Native SQL Engine

Due to the perceived risk and complexity, most IBM i installations internationally have continued to use the ISAM (DDS/CQE) engine as their primary database access method. This has certainly added to the perception that the platform is legacy, whilst it is in fact probably the most advanced implemantation of the DB2 database engine. We, as the installed base, however have been guilty of severely hampering and constraining our systems as a result, causing our system to be perceived as old, unyielding and legacy.

It is entirely feasible for you to upgrade from the ISAM to SQL engine with:

   • Little to no disruption
   • Little to no risk
   • Gradually (one file, library, database or system at a time)
   • Without the use of Surrogates
   • Non-invasively
   • Easily
   • And with no need to recompile your code (No LVLID changes)!!!

AO Foundation Solution

The fundamental requirement in the first place of implementation is to upgrade as much as possible to a high performing, native SQL (DDL) database, excluding unsupported constructs (see AO Website for details) without ANY LIVID changes.

   • Evolution, not revolution.
   • One File, one library, one database or one system at a time.
   • Facilitate AGILITY!
   • Enable ANALYTICS!
   • Long file and field names "out of the box," depending on internal practices.
   • Allowing any combination of ISAM and SQL to co-exist.
   • No to low risk.
   • Gradual, non-disruptive roadmap.
   • Regain control of your database(s).
   • Gradual sanitation of your database(s).
   • Gradual consolidation of your Metadata.
   • Regain control of your Metadata.
   • Gradually enhance/enrich your Metadata ala OA Metadata Consortium.
   • Native leveraged SQL database.
   • Central management of Database Indexing Strategy.
   • FULL, native management of your ISAM (CQE) and SQL (SQE) database(s) on DB2 for i.
   • Non-invasive, incremental roadmap.

Once the inital upgrade is facilitated, the database(s) can then gradually, incrementally improved and sanitized, focusing on ROI the entire time.

AO Foundation Benefits

Immediate, low-risk, non-disruptive exploitation of the native SQL database engine.

   • Solid foundation for future modernization projects.
   • Your database now presents itself as modern to the outside world and your end users.
   • AO Foundation removes the tedium and error-prone repetition out of upgrading to the
     SQL (SQE) engine, allowing you to focus on value adding aspects of application modernization.
   • No "vendor lock-in" - we deliver your database back completely under your control.
   • No LVLID changes during Phase 1 of database upgrade process, hence no recompilation
     of ANY code.
   • Massive potential performance benefits
   • AGILITY
   • FULL, native IBM i based management of your ISAM and SQL database(s) on DB2 for i.
   • Gradual, non-disruptive roadmap
   • Unshackled applications, unlocking the full value of your IT investments
   • Multi-Tier architecture

www.adsero-optima.com

YES YOU CAN!!!

IBM i Tech Conference Keeps Education Light Burning Is An RPGOA-like Standard For HTML5 On The Horizon?

Table of Contents

Recent Posts

Subscribe

Pages

Search