AS/400 Security Update

  At my current client, we have implemented a security package called PentaSafe which performed an initial security checkup of system values and continually evaluates the status of all user profiles on the system. It also has an excellent set of Exit Programs to monitor the IFS and AS/400 File Downloads. It will notify staff (more than one if you want) if an "unapproved" user downloads or accesses or touches files via Client Access or Network Neighborhood or FTP. It uses an "approved" database of users, actions and objects - where approval can be granted at the file-level, library-level or folder-level. There is even time-lock controls to limit the timeframe of the access of approved users, to thwart any after-hour accesses.

I also know of similar products on the market performing the same functions, one of which is PowerLock. I heartily endorse getting one of these "Exit Program Tools" to protect your AS/400 data. Remember that the access of the IFS and AS/400 libraries is not always protected by the standard user profile setup for "green screen" access.

I feel using this kind of package coupled with pager software is the best approach to securing your AS/400 data. Even though there is resistance within many AS/400 shops to purchasing these tools, I feel they should be included in budgets right next to Anti-Virus software for your PC’s.

Also, I have found that the original Client Access (product XD1) allowed anyone full access to IFS files. The newer Client Access Express (product XE1) allows Operations Navigator to assign File Shares (like NT) to folders on the AS/400 IFS, which again is the desired approach to security. And this approach using "folder-shares" is familiar enough so NT Administrators will feel right at home within the AS400 IFS File System. Incidentally, regular Client Access will no longer be supported after May 2001 when V5R1 arrives, so plan now to start rolling out Client Access Express to your users.

I have been looking for a more user-friendly FTP method and at the November monthly meeting, I reviewed a GUI File Utility similar to DBU called Surveyor/400 from Linoma Software. This free-download Java tool allows file editing, shows file information and also includes a GUI for FTP. However, I could not get the FTP utility to work and I found the GUI screens hung several times. All in all, I cannot endorse this software yet, and will stick to good ‘ole DBU from ProData. You can read my presentation at www.axs2000.net/jvoris.

Hope to see you all at the DVCUG events. Feel free to send me your comments or suggestions for topics at DVCUG meetings.

John Voris Consulting Inc

jvoris@axs2000.net www.axs2000.net/jvoris

 

Return to Home Page