AS/400 security

rixone

We are using an iSeries (AS/400) as our enterprise server. The concern is that functionality such as ODBC, FTP, etc. can be a security liability. Does anyone know of any guidelines for handling these or back-door security?
Thanks!!
 
Sure...signon security is not the problem.... It's the way users could bypass that and come in through the back door directly onto the server....
 
My company bought a 3rd party software package from PowerTech called PowerLock Network Security... you can actually track who is doing what to your AS/400 from FTP, to ODBC connections, to Remote commands, etc. That way you know who is doing what on your iSeries.
Check them out: www.powertech.com
 
PowerLock is a good option (as noted by Diane). Also, you may want to check out PentaSafe.
 
The tools referred to are good security tools. PentaSafe I know has programs to use as exit programs so that you can select who can use a particular function. But really, it all gets down to the database and securing your objects. You need a security plan that says what users can view/update tables via any third party application. JDE has written documentation and programs regarding this; in the JDE implementation Redbook you can find references to these. They have a command SETOWAUT that sets up object security on your libraries. I don't specifically agree with their attempt. I've written a paper on all of the AS/400 security that needs to be reviewed. It was written for World Software, but OneWorld should be secured the same way, just with added authorities on more libraries. I've published the World Software Security paper on www.jdetips.com. I started the OneWorld paper and decided to use the World paper as a base and just add some of what is in the Redbook for OneWorld.
 

Attachments

  • 59431-Securing World Software.doc