Security Bundle Blocks Unwanted Web Traffic from Reaching IBM i
September 4, 2012 Alex Woodie
IT professionals who are concerned about hackers pinging their exposed IBM i Web or FTP servers for security holes and configuration problems may be interested in a new security solution from KDP Software. The English firm is in the process of rolling out Perimeter Security for IBM i, a bundle of security tools that almost immediately blocks unwanted traffic at the network firewall, helping to shield not only the IBM i server but any other server sitting behind the firewall.
Perimeter Security for IBM i, which is still in beta, is composed of several pieces. At the center of the solution is the intrusion detection system (IDS) that IBM introduced with i5/OS V5R4. The IDS is very good at providing low-level monitoring of traffic coming into the IBM i server, and can identify specific types of attacks, such as the Malformed Packet attack and the Ping of Death attack, that aren’t identified by mainstream IBM i security tools, which typically monitor at the application level.
When the IDS detects an attack, KDP’s middleware immediately relays the offending IP addresses to Vyatta’s x86-based firewall software, which will block all network traffic originating from those IP addresses. By extending the deep intrusion detection functionality of the IBM i IDS to the Vyatta firewall, KDP has provided a way to protect all computers that reside behind the firewall, not just IBM i servers.
KDP principal Kevin Passey explains how Perimeter Security for IBM i works. “Our new application contains a subsystem that has programs to look at the audit journal entries created by the IDS, which collects IP addresses and logs abnormal behavior,” he says. “Any attacks as defined by the IDS can have the offending IP addresses collected and automatically written to the firewall on the Vyatta router, thus almost instantly blocking the offender at the gateway.”
When KDP’s new bundle becomes available (perhaps in October), it will likely also include the FTP exit point monitoring software from Enforcive (formerly BSafe Solutions). KDP is a partner of Enforcive, and its FTP monitoring and syslog generation capability was used with the initial write of the application. However, any exit point monitoring solution could be used.
KDP’s middleware also has white- and black-listing functions, which can be defined by IP addresses or DNS names. It also separately monitors Apache server logs to detect abnormal behavior. These two functions can allow Perimeter Security to automatically blacklist IP addresses that are scanning for Web pages that don’t exist.
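As an added illustration of the Apache-log side of this (example code written for this article, not KDP's own, which the article does not show), the following Python reads combined-format log lines, counts 404 responses per client IP, skips white-listed addresses, and renders the block decisions as Vyatta-style firewall commands. The sample log lines, the 404 threshold, the rule-set name and the exact command syntax are all assumptions.

```python
import re
from collections import Counter

# Apache combined log: client IP is the first field, status code follows the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (not real traffic): a host walking through non-existent URLs,
# one ordinary visitor hitting a dead link, and a white-listed uptime monitor that also gets 404s.
SAMPLE_LOG = """\
198.51.100.9 - - [04/Sep/2012:10:00:02 +0100] "GET /admin/ HTTP/1.1" 404 210 "-" "probe/1.0"
198.51.100.9 - - [04/Sep/2012:10:00:03 +0100] "GET /setup/ HTTP/1.1" 404 210 "-" "probe/1.0"
198.51.100.9 - - [04/Sep/2012:10:00:04 +0100] "GET /backup/ HTTP/1.1" 404 210 "-" "probe/1.0"
203.0.113.7 - - [04/Sep/2012:10:00:06 +0100] "GET /missing.html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
192.0.2.50 - - [04/Sep/2012:10:00:07 +0100] "GET /check-a HTTP/1.1" 404 210 "-" "monitor/2.0"
192.0.2.50 - - [04/Sep/2012:10:00:08 +0100] "GET /check-b HTTP/1.1" 404 210 "-" "monitor/2.0"
192.0.2.50 - - [04/Sep/2012:10:00:09 +0100] "GET /check-c HTTP/1.1" 404 210 "-" "monitor/2.0"
"""


def find_scanners(log_text, threshold=3, whitelist=frozenset()):
    """Return {ip: 404_count} for clients with at least `threshold` 404s, skipping white-listed IPs.
    DNS-name white-list entries would be resolved to addresses beforehand (kept offline here)."""
    misses = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue  # malformed or non-combined-format line: ignore rather than crash
        if m.group("status") == "404" and m.group("ip") not in whitelist:
            misses[m.group("ip")] += 1
    return {ip: n for ip, n in misses.items() if n >= threshold}


def firewall_commands(blocked, ruleset="OUTSIDE-IN", first_rule=1000):
    """Render block decisions as Vyatta/VyOS-style `set firewall` commands.
    The rule-set name, rule numbering and exact syntax are assumptions, not KDP's real output."""
    cmds = []
    for i, ip in enumerate(sorted(blocked)):
        n = first_rule + i
        cmds.append(f"set firewall name {ruleset} rule {n} action drop")
        cmds.append(f"set firewall name {ruleset} rule {n} source address {ip}")
    return cmds


if __name__ == "__main__":
    hits = find_scanners(SAMPLE_LOG, whitelist={"192.0.2.50"})
    print(hits)  # {'198.51.100.9': 3}
    print("\n".join(firewall_commands(hits)))
```

The single 404 from the ordinary visitor stays below the threshold, which is the point of thresholding rather than blocking on any miss: a dead link must not get a legitimate client dropped at the gateway.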
Passey, who built Perimeter Security because he was “tired of people scanning our website for holes,” says his new product would help customers take a more “proactive approach to security and the on-going threats to companies running Internet exposed applications on the IBM i.”
“In essence we are adding functionality to the IBM i IDS,” he says. “If you don’t have a security product and just use the IBM i IDS to alert you of problems and then take a reactive approach to the alerts, this will change this and [enable you to] take a proactive approach. You can’t do that if it’s the weekend and you’re away from the IBM i and an alert comes in.”
Perimeter Security for IBM i is just getting off the ground, and Passey is looking for beta customers and resellers who would carry the product in the U.S. and Europe. Passey intends to sell the middleware component, including the subsystem and an Eclipse-based GUI console, for £2,500, or about $3,150 at current exchange rates.
Passey also wants to put together a complete bundle, which includes the Vyatta software (available separately for about $1,000) and additional exit point monitors. Enforcive’s FTP monitor is the most likely contender here, but Passey wants to get some coverage of email servers as well.
For more information on Perimeter Security for IBM i (and to log your IP address against the product itself), navigate your browser to KDP Software’s website at www.kdpsoftware.co.uk.