for iSeries, version 3.5
Complete Security Suite for iSeries (AS/400)
TCP/IP and SNA Connectivity
Someone may be manipulating information in
your organization…
- and you may never know about it!
If your iSeries (AS/400) is connected to a local or remote network, there are
weaknesses in your computer’s defenses. Even using a hardware firewall, your
computer is still open to attack from outside and misuse from within. Your data
can be viewed, changed and even deleted - without trace.
Bsafe/Global Security is a comprehensive security solution tailored for the
iSeries (AS/400) to prevent penetration of your system from the internet or other
networks. It is an unparalleled combination of exit-point access control, auditing,
reporting, monitoring and IDS early warning in a single product, all tightly
The
Benefits
of Bsafe/Global Security on your iSeries
•
Maximum protection of your iSeries
through rigid network access
control of users both outside and within your organization - including
authorized and power users.
•
Powerful auditing capabilities
to identify system and data access
events and trends.
•
Extensive reports and inquiries
to comply with tight auditing
demands.
•
Management of an ordered audit policy
made easy in the
Bsafe/Global Security intuitive GUI.
•
Compliance
with Sarbanes-Oxley and ISO 17799 and other rigid
requirements.
•
GUI interface
.
Bsafe/Global Security is the unchallenged leader not just
in functionality, but also in the clarity and user-friendliness of its PC
interface. It is this feature that brings advanced iSeries security and
auditing to experienced and inexperienced iSeries administrators alike.
•
Early warning –
the
built-in IDS (intrusion detection system) will alert
you of unauthorized access attempts, failed login attempts and other
activities the moment they occur.
•
A single, integrated product
comprising all the major security
functions: exit point access control, IDS, audit, policy definition and other
principal administration tasks through an intuitive PC interface.
•
ROI
.
Big savings in administration time, development time, in prevention
of data theft & misuse and in investigating suspicious events.
Architecture
Bsafe/Global Security uses client/server architecture. The essential protection and
reporting software resides internally within the iSeries (AS/400) giving a truly native security solution. Definitions and control are handled through a friendly and intuitive GUI interface on one or more PC’s on the network.
Bsafe/Global Security Architecture
The Essential Components
1. Intrusion Prevention System (IPS)
The IPS is the core of the Bsafe/Global Security product. It comprises: • Internet & Intranet Secure Gateway
• Network IP Address Control • Internet Users Control • Port Restrictions Control
The wide variety of iSeries (AS/400) application servers and services protected by Bsafe/Global Security includes:
Under TCP/IP:
Telnet, FTP, TFTP, Remote Command, Remote SQL, Database, Data Queue, ODBC, DDM, DRDA, IFS , Signon, File Server, Central Server, Message Server, Virtual Print, Network Print, WSG Logon and more.
Under SNA:
DDM, Pass through, Data Queue, File Transfer, DRDA, iSeries (AS/400) in the network.
Under System:
Delete Journal Receiver, Power Down System, System Attention Key.
Access can be secured down to the level of a single action (e.g. FTP delete, SQL select statement and OS400 commands which, while allowed in the normal work environment, become suspect when used via the network). At the object level, access can be
controlled to selected devices, libraries, files, commands, programs and IFS paths.
Network IP Address Control
The Network IP Address Manager is an integral part of management in TCP/IP Network Security. Upon activation of Bsafe/Global Security and the Traffic Analyzer, Network IP Address Manager provides a list of active IP addresses to help you determine restrictions and authorizations according to your organization's policy.
Internet Users Control
Bsafe/Global Security allows management of public internet users, authorized to activate specific applications within the iSeries (AS/400). This includes assignment of authorizations, including entry passwords to a specific validation list for each application.
Port Restrictions Control
Access to your iSeries (AS/400) ports is fully covered against penetration and may be restricted by application, protocol and authorized users.
2. Intrusion Detection System (IDS)
The moment an intrusion occurs real-time notification can be sent via several means, including on-line messages, email, SMS and/or others. The alert criteria are defined by you. Bsafe/Global Security currently supports the sending of messages under SNMP to the following lead products: IBM- Tivoli, HP-Openview, CA-Unicenter, Orange-Cellular, IBM-Teledrine.
3. Advanced Audit Journal and Report Manager
Bsafe/Global Security includes innovative GUI management of the System Journal Audit providing full supervision of the system journal audit including management of
journal receivers, audit policy definition and reports. The sophisticated interactive system journal log provides retrieval through filtering by different criteria. When
investigating attempts of security breaches, the advanced audit journal manager turns a previously complex and time-consuming task into a simple and efficient one.
The report manager contains 64 built-in reports, which can be previewed on the screen or printed. Additional reports can be defined by the administrator and saved for later reuse.
4. Graphical Network Traffic Analyzer
Bsafe/Global Security allows monitoring of all network requests to your iSeries
(AS/400) servers. Once logged, network requests are immediately available for analysis through a sophisticated system of filtering and graphical presentation. This feature
Network Traffic Distribution, Summary by Time
Network activity offset against time, filtered by event type, user and other criteria. The network traffic distribution function features an ECG-like graph and summarizes network requests by year, month, day and even hour.
5. Dataflow data integrity monitor
With Bsafe/Global Security Dataflow Database Integrity you can track changes in your data down to the level of a single item. Field values can be displayed from before and after the change accompanied by a full description of the environment at the time of the change including user, the program through which the change was made and more. The product has been designed for users who don’t necessarily possess a deep
knowledge of system commands. You can easily view changes in field values, or details of deleted and added records. Bsafe/Global Security Dataflow Database Integrity can assist you in making decisions regarding restoring of corrupted data.
6. Internal Security Manager
Bsafe Internal Security Manager manages iSeries (AS/400) internal security tools in one convenient easy-to-use GUI. It includes user profile and OS400 object authority
management along with an advanced audit journal and report manager.
User Profile Manager
Fast and powerful management of OS400 user profiles with maximum information displayed to the administrator and one-click operations.
Object Authority Manager
A flexible, easy-to-use and efficient means to handle permissions and restrictions to OS400 objects.
Bsafe/Global Security is controlled through a Windows-based client connected to your iSeries (AS/400). The product features a full graphical user interface, with one-click operations and on-line help. A single screen handles all the iSeries (AS/400) in your network simultaneously.
SSL & Crypto Access Support
Bsafe/Global Security includes SSL support and encrypts the data moving between the security administrator's PC client and the OS/400, through TCP/IP. This is accomplished through close integration with the IBM Digital Certificate Manager and the IBM Crypto Access Provider for OS/400.
National Language Support
The Bsafe/Global Security database fully supports any national language supported by the OS400 file system. Furthermore, the GUI interface may be tailored to any language supported by your PC.
Bsafe/Global Security Administration Role Manager
Through the Bsafe/Global Security administration role manager you can define different levels of security authorization for different members of your security team.
About Bsafe Information Systems
Bsafe Information Systems produces network and data security products for IBM
iSeries (AS/400), IBM zSeries (mainframe ), and open systems. In addition, the company manages custom projects in the security field.
For more than a decade the company has been providing security solutions to large organizations with high security demands such as banks, insurance companies and public institutions. Our experience and on-going development in security technology enable us to provide comprehensive and state-of-the art solutions for our clients.
Contact:
USA-West Coast
Mr. Dennis Bress 124 Opal Ave.
Newport Beach CA. 92662 Tel. +1 949 673 4243 [email protected]
For additional information, please contact your local representative or visit the Bsafe Solutions website at www.bsafesolutions.com
Copyright 2000-2004 Bsafe Software Solutions Ltd. All rights and privileges reserved.
All trademarks are property of their respective owners. Bsafe/Global Security Analyzer patent pending Bsafe/Global Security registered as IBM product no. 5620DLJ
* IBM Product