Network Security 6 Adds Object Rule Support

Last week I made some comments about Network Security Version 6 and the updated online training we recently offered. I got several questions about the “hook” of the new version, so I thought that I would give everyone a quick overview.

Before I get into the new features, let me provide some background for those of you who might not be familiar with what Network Security does for an organization. If you are already comfortable with the concepts of network access, exit points, and exit programs, you can skip the next paragraph.

Back in the early days of the AS/400, the only way to access data was through a 5250 (green screen) application, so application data could be secured with nothing more than menus and command line restrictions. In the early '90s, IBM responded to customer demand and enhanced the operating system to allow open access through network interfaces such as ODBC, FTP, and remote command. This opened the database to requests that never pass through the menus, so menu-based controls no longer protect it. To compensate, IBM added exit points: for each of these servers, the administrator can register an exit program that the operating system calls with the details of each request, and that program decides whether the request is honored or rejected. Network Security is a suite of exit programs designed to provide two critical security functions for these requests: auditing and access control.

If you would like to learn more, check out the Network Security product page on the PowerTech website.

One of the first visual indications of the new version is found in the installation process. Gone are the days of having to manually upload a save file, restore the objects, and then run an installation routine. Instead, there is a great new installation wizard. This runs on a Windows PC to streamline the unpacking, uploading, and installation of the product from beginning to end. As one of the folks who installs this product countless times a year, I want to personally thank the person behind this enhancement! The wizard even removes itself from the PC upon completion, leaving only the new product administration guide as a lasting footprint.

Once the product is installed, there is a brand new activation process. As before, it registers Network Security's exit programs to the IBM exit points, but now the activation is fully selective. This means you may choose not to monitor all of the exit points from day one; an exit point you leave out is simply not yet covered. Make a second (or later) pass through the activation process whenever you are ready to activate the remaining exit programs.

When you pull up Network Security's main menu, the first thing you will notice is that the options have been streamlined, with fewer menus nested inside menus. The interface is clean, concise, and intuitive. Some options have been added to support the new object rules, but most of the existing option numbers have stayed the same to ease the transition.

Network Security continues to lead with its ability to control access at several levels. We can set rules for users and locations that apply to every function within a service. We can further define rules that apply only to a specific function within a service, such as remote commands in FTP. Lastly, we can set rules for very specific requests, such as allowing the FTP download of file MYFILE from library MYLIB. Naturally, auditing and messaging for any of these transactions remains one of Network Security's most sought-after features.

The newest addition to the access control functionality is the ability to define “object rules.” In scenarios where you cannot predict the exact request that will be made (perhaps it comes in a different “flavor” every time, such as the same update expressed in different SQL), Network Security lets you create an object list and secure the objects on it. An object list is simply the set of objects that a rule secures. Once the list is defined, the security administrator can set rules that control access to both the data (where applicable) and the object itself. Imagine being able to prevent a file from being updated through an ODBC connection, regardless of the SQL statement being issued. Or perhaps you would like to audit any change requests for those particular objects, but not the entire application. Transaction-level rules are still the recommended first choice, because they are specific to a request, but object rules introduce a new era in the capabilities of an already powerful exit program solution.
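To make the layering concrete, here is a small Python model of exit-program access control, added for this post as an illustration. It is not Network Security's code and does not claim to reproduce the product's actual rule precedence; the server names, function names, user profiles, IP addresses, and sample rules are all constructed. It shows a request being matched against service, function, transaction, and object rules, with the narrowest matching rule deciding, and an object rule rejecting an SQL update no matter how the statement is written.

```python
"""Toy model of layered exit-program access control (added illustration;
not PowerTech Network Security code, precedence order is assumed)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "*ALL"        # wildcard for location, server, function, library, object
PUBLIC = "*PUBLIC"  # wildcard for user


@dataclass(frozen=True)
class Request:
    user: str            # user profile behind the network request
    location: str        # client IP address
    server: str          # server/exit point, e.g. "*FTPSERVER" or "*SQLSRV" (made-up names)
    function: str        # function within the server, e.g. "GET", "RMTCMD", "UPDATE"
    library: str = ""    # object touched by the request, when the server reports it
    obj: str = ""
    statement: str = ""  # raw transaction text (SQL, FTP subcommand, ...)


@dataclass(frozen=True)
class Rule:
    level: str            # "transaction", "object", "function" or "service"
    action: str           # "ALLOW" or "REJECT"
    server: str = ANY
    function: str = ANY
    user: str = PUBLIC    # a named profile is more specific than *PUBLIC
    location: str = ANY   # a named IP is more specific than *ALL
    library: str = ANY
    obj: str = ANY
    contains: str = ""    # transaction rules: text the statement must contain
    audit: bool = True    # write an audit entry when this rule decides


# Assumed ordering for this model: narrower scope wins.
LEVEL_RANK = {"transaction": 0, "object": 1, "function": 2, "service": 3}


def matches(rule: Rule, req: Request) -> bool:
    """True when every rule field is a wildcard or equals the request's field."""
    return (rule.server in (ANY, req.server)
            and rule.function in (ANY, req.function)
            and rule.user in (PUBLIC, req.user)
            and rule.location in (ANY, req.location)
            and rule.library in (ANY, req.library)
            and rule.obj in (ANY, req.obj)
            and rule.contains in req.statement)  # "" matches any statement


def select_rule(rules: List[Rule], req: Request) -> Optional[Rule]:
    """Most specific match: lowest level rank, then named user, then named location."""
    hits = [r for r in rules if matches(r, req)]
    if not hits:
        return None
    return min(hits, key=lambda r: (LEVEL_RANK[r.level], r.user == PUBLIC, r.location == ANY))


def evaluate(rules: List[Rule], req: Request, default: str = "ALLOW") -> Tuple[str, Optional[Rule]]:
    """(decision, deciding rule); with no matching rule the request gets `default`."""
    rule = select_rule(rules, req)
    return (rule.action if rule else default), rule


def audit_entry(req: Request, action: str, rule: Optional[Rule]) -> Optional[str]:
    """One audit line per decision, or None when the deciding rule is not audited."""
    if rule is not None and not rule.audit:
        return None
    level = rule.level if rule else "default"
    return (f"{action} user={req.user} loc={req.location} srv={req.server} "
            f"fn={req.function} obj={req.library}/{req.obj} by={level}")


# Constructed sample policy.
RULES = [
    Rule("service", "REJECT", server="*FTPSERVER"),                     # FTP closed by default
    Rule("function", "ALLOW", server="*FTPSERVER", function="GET", user="ALICE"),  # ALICE may download
    Rule("transaction", "ALLOW", server="*FTPSERVER", function="GET", user="BOB",
         library="MYLIB", obj="MYFILE"),                                # BOB: exactly MYLIB/MYFILE
    Rule("service", "ALLOW", server="*SQLSRV", audit=False),            # SQL open, not audited
    Rule("object", "REJECT", server="*SQLSRV", function="UPDATE",
         library="MYLIB", obj="CUSTOMERS"),                             # no SQL update of CUSTOMERS
]


def decide(req: Request) -> Tuple[str, str, Optional[str]]:
    """Evaluate one request against RULES: (decision, deciding level, audit line)."""
    action, rule = evaluate(RULES, req)
    return action, (rule.level if rule else "default"), audit_entry(req, action, rule)


if __name__ == "__main__":
    for req in [
        Request("ALICE", "10.0.0.5", "*FTPSERVER", "RMTCMD", statement="RCMD DLTLIB PAYROLL"),
        Request("BOB", "10.0.0.9", "*FTPSERVER", "GET", "MYLIB", "MYFILE"),
        Request("BOB", "10.0.0.9", "*FTPSERVER", "GET", "MYLIB", "OTHER"),
        Request("BOB", "10.0.0.9", "*SQLSRV", "UPDATE", "MYLIB", "CUSTOMERS",
                statement="update mylib.customers set status = 'X'"),
    ]:
        print(decide(req))
```

The two SQL updates in the test below differ in wording but both hit the object rule, which is the point of object rules in the post: the decision keys on the object being touched, not on the statement text. The `default` argument is an assumption of this model; it stands in for whatever happens when no rule matches.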

Behind the scenes, there are some other changes you will want to be aware of. We have standardized the names of the installation library, the authorization lists, and the user profiles used by the application. If you are an existing customer, the installation wizard handles most of the upgrade process, and we have created a migration process for copying the rules from a prior version. Updated documentation has been created to guide you, and help is always just an e-mail or a phone call away.

If you are new to Network Security, or would simply like to get a “refresher,” then keep an eye out for the next round of online training. Alternatively, drop me a line and I will be happy to help you.

Our summer Webinar schedule is now in effect, and next week we will be talking to you about the 2010 State of IBM i Security study.

Drop me a line at robin.tatam@powertech.com for more information about PowerTech, or visit www.powertech.com.

Cheers!

- rt
