Shield Updates FTP Security Tool for IBM i
May 14, 2013 Alex Woodie
Shield Advanced Solutions last week announced it’s now shipping an update to its FTP security tool for IBM i. FTP Guard4i version 7.1 features several upgrades over the product it replaces, FTP Manager 6.1, including better auditing of users’ FTP activities and a new Web interface designed to make it easier to use.
FTP is a critical communication tool, but it doesn’t come without risks, especially on the IBM i server. Without the appropriate system configurations or use of third-party tools, users are free to distribute IBM i data to their hearts’ delight. IBM provides exit points for FTP, as it does for other network protocols that weren’t widely used when OS/400 was created. But it’s up to the IBM i customers to either write their own exit programs to take advantage of the access controls enabled by the exit points, or buy third-party exit programs that do this for them.
FTP Guard4i is one such exit program for FTP. The software works with the IBM i exit point for FTP to facilitate whether FTP requests from users will be allowed or not. The product shields users from having to work with IBM’s APIs, and provides a GUI and logging capabilities as well.
According to Shield, FTP Guard4i gives administrators granular control over FTP access requests. This includes who can use FTP, what data they can move with FTP, where they can access FTP, and when they can do this. The FTP configuration rules can be set up from either the green-screen (UIM) interface or the new Web interface, and are stored as user space objects, which boosts speed and security, Shield says.
“The PHP based interface is also a major update. It’s easier to see and manage the FTP users’ activities,” says Shield’s president Chris Hird. “No more trying to work through menus and panel groups to set things up. The new PHP interface is modern and friendly plus it provides a lot more information in a single view than we could ever fit on the old 5250 panels. The new interface makes setting up and managing very easy. No more ‘IBM i is old technology’ arguments.”
One of the features enabled by the new Web interface is a view that shows currently connected users and information about their FTP connections. “This can be a real benefit to the administrator, who now has real-time data about who is using the FTP services,” Hird says. The one caveat to the new Web interface is that it requires a separate license to the Easycom i5_toolkit from AURA Equipments. Shield is an AURA partner and can sell this as part of a FTP Guard4i deal.
Logging is another area that is improved over the previous product. The new Web interface makes it easy to drill down into the logs to see details about users’ FTP activities. “The logging of FTP activity is one area where we see the most interest,” Hird says. “People want to know who has access to their objects and data. Exit points are just the start.”
As more IBM i shops open their systems to remote users, partners, and customers, it’s critical to ensure that basic security provisions have been taken to protect against potential vulnerabilities, as FTP most assuredly is on the IBM i platform. Some IBM i shops understand the potential security problems FTP can cause, but are put off by the complexity of IBM’s exit point APIs. These are potential clients for FTP Guard4i.
“FTP Security is an area most IBM i shops ignore because they believe the IBM i is naturally more secure than other platforms,” Hird says. “I use FTP a lot and I see many other IBM i users using it as well, so we all need to start adopting a secure FTP environment. Waiting until we lose sensitive data is not an option.”
FTP Guard4i pricing is tier-based and ranges from $750 to $6,000. For more information see www.shieldadvanced.com.
Shield’s FTP Client Addresses Problems with CCSID Configurations