By Robin Tatam

When I began my career on the AS/400 more years ago than I care to reveal, life was simple—“dumb terminals” ruled the computing kingdom and subfile displays were considered cutting edge. Application menus blocked users from direct database access and security‑conscious administrators could set up a profile to limit user capabilities to a few basic commands.

Then, things got complicated. First, everyone flocked to programmable workstations, better known as PCs. As a result, business software, including spreadsheet applications, developed rapidly. And, because core line‑of‑business applications were still running on the AS/400, file transfers between PCs and servers became common.

Pandora’s Box
IBM responded to the new market demands for open database access by building TCP connectivity into the AS/400 (now re-branded as the iSeries). In addition to the traditional 5250-based “green screen” applications, the iSeries could now be accessed through File Transfer Protocol (FTP), Open Database Connectivity (ODBC), Distributed Data Management (DDM), and other interfaces. No one thought much about the security ramifications, but it was like opening Pandora’s Box!

Fast forward through a few server name changes to the current day…

Because all of these interfaces connect directly to the server’s database, the menus that historically restricted green screen users are no longer effective. The “secure menu” has become a thing of the past; now, we must rely on…[more]

PowerTech has taken the plunge into social media to keep you abreast of the latest information about computer security issues. You can read our blog or follow us on Twitter to get the latest updates. 

Plus, we've prepared a special article on the Basics of Tweeting for those of you interesting in learning more about this new method of communicating.

Q: How can I set up Authority Broker to run event reports automatically?
A: You can schedule Authority Broker reports by using the LEVENTRPT command. You can find this command in both QGPL and the Authority Broker library and an you can add it to the existing job scheduler to run on the desired day and time.

Note: To use the LEVENTRPT command to create reports, you must add your user profile to the POWERABRPT authorization list with *USE rights.

Q: Where does Network Security record its audit entries?
A: By default, Network Security audit entries are recorded in the IBM Audit Journal, QAUDJRN. However, you are not limited to using QAUDJRN and may specify any journal you choose. All Network Security journal entry types fall under the journal entry code ‘U’. The journal entry types are:

• NA = Allow. A rule was found to allow the transaction to continue.
• NR = Rejected. A rule was found to disallow the transaction from continuing.