Firewall™
The Network Security Component of iSecurity
Out-of-the-Box
Version 14
This guide is intended to provide a quick introduction to the principal features of Firewall. Please refer to the User Manual for detailed procedures and explanations. For installation procedures, see the iSecurity Installation Guide.
Overview
Firewall is a truly comprehensive network security solution that completely secures your iSeries against all known external threats, and also controls what users are allowed to do after access is granted.
Setting Initial Firewall Security
1. From the command line, type STRFW and press Enter twice. The Firewall main screen appears.
Firewall Main Screen
2. Set Firewall to *FYI (“For Your Information” = simulation mode) by selecting 1. Activation and Server Setting > 11. Set *FYI (Simulation) from the Activation screen.
Work in *FYI* Simulation Mode
4. In order to gather activity data for subsequent analysis, enable protection for all servers and enable logging of all transactions into the activity log. Select option 1. Activation and Server Setting from the main menu, and then 1. Work with Servers from the Firewall main screen.
5. Select F22=Global Setting from the Work with Server Security screen. The Global Server Security Settings screen appears.
6. Set the Global Server Security Settings screen to the following:
Exit point group . . . . . . . . *ALL
Secure . . . . . . . . . . . . . *YES
Check . . . . . . . . . . . . . *MAX
IP/SNA address firewall . . . . *NO
Log . . . . . . . . . . . . . . *YES
Allow Action to react . . . . . (see step 7)
GlobalServer Security Settings
7. If other software was installed prior to this (identify this by seeing “Other” under the Security column on the previous list of servers), and you want to replace it, make sure the last item (Allow Action to react) is set to *YES.
8. Wait one day to a week for the Firewall log to generate data.
NOTE: In some cases a restart of QSERVER is required for FULL implementation. This can be delayed until next IPL.
When QSERVER is restarted, NETSERVER will be restarted automatically if it was active.
User Security
User security rules control access to server functions by individual users, profile groups and Firewall user groups. You may also grant users *ALLOBJ (all-object authority) for native OS/400 and IFS objects as a part of this definition.
• To work with user-to-service security, select 11. Users and Groups from the main menu. The Work with User Security screen appears.
Work with User Security
• Press F6 to add a new user to the list and set security definitions for that user.
• Press F7 to create Firewall user groups to simplify the process of creating rules for many different users. Firewall user groups are separate from OS/400 profile groups.
• To group users by applications, select 12. Applications from the main menu.
• To group users by location, select 13. Locations from the main menu.
• To create Time Groups, select 49. Time Groups from the main menu.
Object Security
Object security controls access to objects originating from specific external sources such as FTP, REXEC, ODBC, etc. You may define specifically which operations an external user is allowed to perform on these objects. Rules may be defined for the following object types: files, libraries, data queues, printer files, programs, commands and IFS objects.
Firewall can restrict a user’s ability to perform specific actions, such as read, write, create, delete, rename, run, etc., on protected objects.
Working with Native OS/400 Objects
1. Select 21. Native AS/400 Objects from the main menu.
2. Select an object type from the Object Security menu and then select an existing rule to modify or add a new rule.
Native AS/400 Objects Security
Working with IFS Objects
1. Select 22. IFS (QDLS,NFS,QOpenSys...) from the main menu.
2. To set definitions, select option 1. IFS Object Usage. The Work with IFS Security screen appears.
Work with IFS Security
Firewall supports exceptions to command restrictions. Use option 9. Command Exceptions on the Object Security menu to work with this feature.
Working with Logon Security
Logon security rules define logon attributes for specific combinations of IP addresses (or SNA names) and user profiles. In addition, logon security rules can control what a user is permitted to do subsequent to logon.
Working with Firewall Rules
Rule Wizards make security rule definition a snap. This feature allows you to view historical activity together with the security rule currently in effect on a single screen. You can even modify the existing rule or define a new rule without leaving the wizard! Rule Wizards are an invaluable tool for defining the initial set of rules after installing Firewall the first time. Rule Wizards are available for:
• Incoming IP Address Rules
• Outgoing IP Address
• User Rules (scroll to screen 2)
• Native Objects
• IFS Objects
To work with Firewall rules, follow this simple procedure.
1. Select 41. Rule Wizards from the Firewall main screen. The Rule Wizards - Screen 1 appears.
3. Select Create Working Data Set to define the scope/range of the historical activity data to be examined by the wizard, and enter data.
4. Select Work with Rule Wizard to display the Plan Security screen for the appropriate wizard. Use this screen to compare historical activity with the security rule currently in force and to revise this rule if appropriate.
5. Select Update Rules to apply the rule changes.
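The workflow above (run in *FYI simulation mode, let the activity log fill, then compare historical activity with the rule currently in force and revise it) can be illustrated offline. The following is an added example and is not code from the iSecurity Firewall product or this guide: it reads a small constructed activity log, summarizes who did what from where on each server, reports where the current rule would not have covered the observed activity, and proposes a least-privilege rule from the repeated activity. The log columns, the *ALLOW/*REJECT result values and the rule structure are assumptions for the example, not Firewall's real log or rule format.

```python
"""Added example (not part of the iSecurity Firewall guide): analyse a
*FYI (simulation) activity log and compare it against current user rules.

Assumptions (not taken from the guide): the log is CSV with the columns
timestamp,server,user,ip,action,result where result is the decision Firewall
*would* have made in simulation mode. The rule format is also constructed."""

import csv
import io
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample log lines. In simulation mode nothing is actually rejected;
# the 'result' column only records what Firewall would have done.
SAMPLE_LOG = """\
timestamp,server,user,ip,action,result
2024-03-01 08:01:12,*FTP,APPUSR1,10.1.5.20,*GET,*ALLOW
2024-03-01 08:03:40,*FTP,APPUSR1,10.1.5.20,*GET,*ALLOW
2024-03-01 09:10:05,*ODBC,RPTUSR,10.1.7.33,*SELECT,*ALLOW
2024-03-01 11:22:51,*FTP,APPUSR1,203.0.113.9,*PUT,*REJECT
2024-03-02 08:02:00,*FTP,APPUSR1,10.1.5.20,*PUT,*ALLOW
2024-03-02 10:15:30,*REXEC,QSECOFR,198.51.100.4,*RUN,*REJECT
2024-03-02 10:16:02,*REXEC,QSECOFR,198.51.100.4,*RUN,*REJECT
2024-03-03 09:11:45,*ODBC,RPTUSR,10.1.7.33,*SELECT,*ALLOW
"""

# Constructed "rule currently in force": (server, user) -> allowed source
# networks and allowed actions. Anything not listed would be rejected.
CURRENT_RULES = {
    ("*FTP", "APPUSR1"): {"networks": ["10.1.5.0/24"], "actions": {"*GET"}},
    ("*ODBC", "RPTUSR"): {"networks": ["10.1.7.0/24"], "actions": {"*SELECT"}},
}


def parse_log(text):
    """Parse the CSV activity log into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def summarize(records):
    """Group observed activity by (server, user): source IPs, actions, rejects."""
    summary = defaultdict(lambda: {"ips": Counter(), "actions": Counter(), "rejects": 0})
    for r in records:
        key = (r["server"], r["user"])
        summary[key]["ips"][r["ip"]] += 1
        summary[key]["actions"][r["action"]] += 1
        if r["result"] == "*REJECT":
            summary[key]["rejects"] += 1
    return dict(summary)


def compare(summary, rules):
    """For each (server, user), report the observed IPs and actions that the
    current rule does not cover. NO_RULE means nothing is defined at all."""
    findings = {}
    for key, obs in summary.items():
        rule = rules.get(key)
        if rule is None:
            findings[key] = {"status": "NO_RULE",
                             "ips": sorted(obs["ips"]), "actions": sorted(obs["actions"])}
            continue
        nets = [ip_network(n) for n in rule["networks"]]
        unknown_ips = sorted(ip for ip in obs["ips"]
                             if not any(ip_address(ip) in n for n in nets))
        unknown_actions = sorted(set(obs["actions"]) - rule["actions"])
        status = "GAP" if (unknown_ips or unknown_actions) else "COVERED"
        findings[key] = {"status": status, "ips": unknown_ips, "actions": unknown_actions}
    return findings


def propose_rule(summary_entry, min_count=2):
    """Propose a least-privilege rule from activity seen at least min_count
    times. One-off events (such as a single *PUT from an address never seen
    before) are deliberately left for a human reviewer instead of being
    allowed automatically."""
    ips = sorted(ip for ip, n in summary_entry["ips"].items() if n >= min_count)
    actions = sorted(a for a, n in summary_entry["actions"].items() if n >= min_count)
    return {"networks": [f"{ip}/32" for ip in ips], "actions": set(actions)}


if __name__ == "__main__":
    summary = summarize(parse_log(SAMPLE_LOG))
    for key, finding in compare(summary, CURRENT_RULES).items():
        print(key, finding)
        if finding["status"] != "COVERED":
            print("  proposed:", propose_rule(summary[key]))
```

The report flags the single *PUT from 203.0.113.9 as a gap rather than adding it to the rule, which is the decision the Plan Security screen leaves to you: repeated activity from a known address becomes the candidate rule, and unexplained one-off activity stays a finding to investigate.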
Rule Wizards
Working with Firewall Logs
The activity log provides complete details of every transaction captured by a security rule.
Query Wizard
1. Select 1. Work with Queries to choose one of the many pre-defined queries.
Work with Queries
2. Type 1=Select to modify, 3=Copy, 5=Run to run the query interactively, 8=Run as batch job, or 6=Print:
• Select the preferred Output file type (*PDF, *HTML, *CSV …) and press Enter.
Run Firewall Query
• Type *MAIL in the Object field, press Page Down and enter the email address you want the file to be sent to in the Mail to field.
Run Firewall Query
• Press Enter to run the print.
Log
1. Select 19. Select from Menu to choose one of the many pre-defined log display options.
Advanced Security Features
You may create several different types of advanced security rules, such as:
• DDM/DRDA security
• DHCP security
• TCP/IP port restrictions
• License usage security
To access these features, select 42. Advanced Security Features from the main menu and choose one of the options from the Advanced Security Features menu.