Raz-Lee Cracks Down on CL Commands with New Software
July 24, 2012 Alex Woodie
Raz-Lee Security this month unveiled a powerful new IBM i security tool that gives administrators the power to prevent users from issuing control language (CL) commands. The new product, called Command, is the most complete CL control product on the market, the company claims.
Securing IBM i servers can be a complex process that requires taking several different approaches. Exit points must be monitored to ensure no untoward activity is taking place via FTP or another network access route. Authority levels must be properly configured and continuously watched. Encryption, journaling, and passwords are other areas to consider.
But one area that has been tough to crack down on is CL commands. For experienced users and administrators, CL commands are quick and powerful ways to accomplish tasks. In the hands of a rogue user, however, the CL prompt can be a dangerous gap in the security net surrounding the IBM i server.
Several security software vendors offer tools to help rein in CL abuse. However, they don’t go far enough to crack down on CL use, Raz-Lee CEO Schmuel Zailer said during the recent COMMON conference in Anaheim, California, where he talked about the forthcoming product launch. A clever user could easily mask his intentions by hiding CL commands within other commands and CL programs, and the other CL-blocking tools don’t address this, he said.
The new Command product addresses this by analyzing each CL command, including its parameter, origin, and context (i.e., the program that initiated the CL command), as well as the user who issued it. “Command is the only product that has the ability to refer, for analysis or change, to each part of a complex parameter separately, as well as to the parameter as a whole,” the company says in a press release.
When Command is turned on, it will reject or allow any IBM or user-defined CL command. It will also initiate alerts by e-mail, syslog, and Twitter. Security administrators can modify the software based on an element, a qualifier, an entire parameter, or the CL command itself, the company says. All product activity is logged, and reports can be automatically generated and distributed as PDF or HTML documents via email.
The product provides an extensive log via a full Report Generator and Scheduler, and e-mails HTML and PDF reports. The product is a component of Raz-Lee’s iSecurity suite.
The new product answers requests from Raz-Lee customers for a “firewall” type product for CL commands, says Eli Spitz, the company’s vice president of business development. “Command’s … features, such as the ability to display the program library as well as the programs in the program stack when the command was issued, are market-unique features which add to the usefulness and benefits of the product,” he stated in a press release.
Command is available now. Pricing is tier-based and ranges from $2,500 to $9,500. For more information on the product see the company’s website at www.razlee.com.