PowerTech Adds Centralized Management for Exit Points Security
October 21, 2015 Dan Burger
Insufficient data is the cause of all sorts of bad stuff. It could be the reason that two-thirds of IBM i shops have no network exit point programs in place. It’s not that information on exit point security doesn’t exist at tens of thousands of IBM midrange shops. But it is a lack of awareness that results in serious security weaknesses. With no steps taken to secure exit points, popular protocols like FTP and ODBC are potentially exposed.
PowerTech, the IBM i security software vendor under the HelpSystems umbrella, advises that monitoring the exit points is critical because the operating system (and its menu-based security approach) was designed before FTP, ODBC, and SQL were in widespread use. Without a product or a program to guard the exit points, there is no oversight or control of the activity conducted using those protocols.
That’s not something you want showing up on a regulatory compliance audit. And even without the threat of noncompliance staring you in the face, it’s no comfort knowing sensitive data is ripe for the picking by anyone who determines it’s worth the minimal effort to snatch it. That leaves it up to you to decide whether it’s worth the effort to protect it.
“When security tasks are time-consuming and cumbersome, administrators are more likely to neglect them,” said Robin Tatam, director of security technologies at HelpSystems. “That’s the unfortunate reality when IT professionals are overwhelmed with responsibilities.”
In a traditional environment, Tatam says, exit point rules often have to be configured on each LPAR or system. In its original configuration, PowerTech’s Network Security (PTNS) software was implemented in this fashion. Each instance required its own activation, reporting, monitoring, and configuration.
“Our IBM i audit reporting software (Compliance Monitor) already centralized the reporting of Network Security and Authority Broker activity–along with the plethora of IBM i operating system reports–so that aspect was never a challenge, but version 7 of PTNS now removes the requirement for individual rule management as well. This is especially beneficial to larger accounts, some of whom have dozens or even hundreds of LPARs,” Tatam notes.
Although understaffing for an extended length of time is known to create problems, it’s a common situation in many IT departments, including IBM i shops where IT staffing is traditionally the leanest of the lean. At its worst, understaffing leads to projects, even those with a high priority, never getting started and those that do get under way never getting accomplished.
Network Security is a PowerTech priority. It’s also the brand name of its network security software, which is considered to be PowerTech’s flagship product. The focal point of Network Security is exit point security. It’s not a new product, but it is a continually enhanced product. At the 6.5 release, one year ago, PowerTech added a graphical user interface option to the long-standing green-screen interface. Now, at the 7.0 release announced last week, Network Security gets centralized security management of multiple systems, which automates the application of security rules and avoids the time-consuming process of server-by-server implementations.
“These centralization features, as well as the common HelpSystems WUI, are part of a general development theme throughout all of our various brands as we gradually unify the interfaces,” Tatam says. WUI is a Web user interface, a term that HelpSystems prefers to GUI, or graphical user interface.
“The term ‘centralized’ is used in our context to describe the capability to configure and push out configuration (rules) to multiple endpoints from one central managing system,” Tatam explained in an email.
Streamlining the process of configuring security settings and rules on a central server means the exit point security is more likely to be implemented, Tatam says. The net result is a higher level of security and less vulnerability.
In addition to the two-thirds of IBM i shops not using exit point security that was cited earlier, the remaining one-third that do use exit point programs are not covering all the exits. Only six percent are doing that.
These statistics, by the way, come from the annual PowerTech “State of the IBM i Security” survey, which analyzed 110 servers and partitions. The report created from that survey can be downloaded from the PowerTech webpage at www.helpsystems.com/powertech/ibm-i-security-study.