AS400 Security Software - Bsafe

‘AS400' is arguably the most popular of the many names given by IBM to their line of midrange business computers, that started with the System/38 in 1980 and has since been termed iSeries, System i and IBM i. More than 30 years on, much of the System 38's original security concept and character has been retained. The built-in AS400 system security has been developed to cope with changing security needs and is highly robust but today it is complemented with third party AS400 security software products.

The earliest category of products to enhance the standard AS400 security software appeared at the beginning of the millennium when IBM opened the OS400 operating system to the integration of custom-written exit programs at critical system processing stages called exit points. The move allowed third party system and security tool developers to fill in the gaps that became apparent as TCP IP came to be used more and more. The adoption into the system of widespread communication protocols gave birth to AS400 FTP, AS400 ODBC and others.

The exit point mechanism provides a way to add user-defined processing to the computer's communication paths, with an emphasis on remote communication. An example is making an OBDC connection from another computer on the network to the AS400. The standard AS400 security software in the OS400 operating system handles the authentication of the user, who must enter a valid user profile on the system and the object authority afforded to that profile in the object definition. The exit point program adds a further level of authorization checking - that of whether the kind of access by the user to the object is permissible, both at connection time and for each communication thereafter. This is important because ODBC provides a path to accessing the data of a business system directly, without going through the business logic dictated by the application. The result is an inherent vulnerability that the exit program can protect against with its own logic.

Just as important as protection, the exit program can log details of the connection and activity made through the open connection for later auditing. Once the exit programs have the appropriate information in hand, they simply need to save it for later use.

There are other AS400 security tools too. They include alerts, checking of system definitions, (forced application of system definition to a predefined policy, field masking and system auditing.

For more information on AS400 Security, Bsafe AS400 Security Software and other Bsafe data security software products, contact us today.