Case Study (Vendor-provided)
TCP/IP Concerns Drive Insurance Provider to Security Solution

Article Information

Article ID: 17147 Pub: iSeries Network Dept: Case Study - Vendor Provided Date: October 01, 2003  Printer Friendly Related Topics: • Security Other Articles By: Shimon Bouganim Article Feedback: • Submit feedback about this article

by Shimon Bouganim

U.S. Auto Holdings is an insurance company based in Nashville, Tennessee that specializes in non-standard automobile insurance programs. The company employs approximately 400 people in six states. U.S. Auto Holdings uses three centralized iSeries computers (two model 820s with four processors each and one model 810 with a single processor) connected via TCP/IP to its 111 branch offices. Headquarters provides online services to the branch offices, supplemented by nightly file uploads of transactions from the branches to the central computers via FTP.

At the time of implementation of its TCP/IP network in the first half of 2002, company and IT management realized the headquarters iSeries systems were vulnerable to unauthorized access via the network. In particular, the company was concerned about the potential deletion of libraries by unauthorized users and any event that might trigger a system shutdown during processing. An additional area of concern was the danger of damage from negligence on the part of the company's own users. However, use of remote terminals and file transfers across sites were a business necessity, so the company realized it needed a security solution.

In June 2002, U.S. Auto Holdings began a search of the trade press and the Internet for suitable security products. The search was conducted by the iSeries system group with the participation of senior management, auditors, and external security consultants. The team found, among other products, Bsafe Security Solutions, Ltd.'s Bsafe/iSeries Global Security. U.S. Auto Holdings was initially interested in the product because iSeries Global Security is a complete suite rather than a collection of individually offered modules.

U.S. Auto Holdings contacted KDP, a Bsafe business partner in the U.K., which recommended installation of the product on a 14-day trial basis. The installation went smoothly and KDP offered a short training session via telephone that was supplemented by additional training from Bsafe's Solutions Support team in Toronto, Ontario. After the trial period and some tests of other security products, the search team selected iSeries Global Security because of the ease of use of the product's Windows client interface and the flexibility of being able to define permissions for specific operations for each user.

"We particularly liked the fact that the many different functions needed for security management were combined into a single product, giving complete control from one menu. Time and resources needed for daily tasks were reduced dramatically," comments William R. Pentecost, U.S. Auto Holdings' CIO.

The company installed a licensed version of the product on two servers in September 2002. During installation, iSeries Global Security implemented security definitions automatically and U.S. Auto Holdings turned on the product's system-logging and intrusion-prevention features immediately to prevent damage from internal users and block unauthorized users from penetrating core resources. The branch office network was allowed to function for about two weeks, then the IT department inspected the logs and implemented more security policy decisions via product settings, based on which users had attempted to access what functions and what accesses were permitted or denied. Users were notified of policy changes via definitions of warning messages within the product's administrative tools.

After implementation, from time to time the security officer uses iSeries Global Security's graphical analysis tools to fine-tune settings. The product's GUI and policy management module use data gathered by its analyzer module to review network and system activity to make security policy adjustments on the fly and help handle system management team tasks. For example, the Network Analyzer module lets IT personnel review the network's online current status and traffic to each iSeries, make changes to policy or authorizations from the same screen, and have them take effect immediately without closing applications or conducting an IPL. Without using iSeries Global Security, some of the problems might not be identified or corrected for many additional hours.

After installation, iSeries Global Security's full network traffic monitoring features, such as the online log, let U.S. Auto Holdings identify unauthorized users trying to access the iSeries systems. Not only did this let security personnel prevent server penetration, it let them identify the application server that was the target of an attack, the protocol used, and the IP address from which the attack originated.

Other iSeries Global Security features help system administrators perform additional security management tasks, such as authorizing access to specific objects and conducting system and network auditing activities. Following many months of experience with the product, U.S. Auto Holdings expanded its network and purchased more product licenses in June 2003.

"Installing Bsafe's iSeries Global Security is one of the best investments we have ever made," concludes Pentecost.

Shimon Bouganim has more than 20 years of experience in the design, development, and marketing of security solutions for iSeries and other open platforms. He holds an engineering degree in computer science.