|
Frequently Asked Questions
Q: Can I export NetworkSecurity
reports for viewing on a PC?
A: Yes. PowerLock NetworkSecurity
version 4.7.1 introduced new functionality to allow the export
of reports to comma separated value (.csv) format files. It is
easy to transfer these files from the IFS for viewing in common
PC analysis software like MS Excel.
Read the full instructions on how to use PowerLock
NetworkSecurity Excel Macros
Download and view a sample NetworkSecurity
report (4 Mb) in MS
Excel
Download the MS
Excel Macros
Q: Why do I need PowerLock
NetworkSecurity when the iSeries is the most secure server in the
world”?
A:
The iSeries and AS/400 security architectures are very robust,
having received the Department of Defense "C2" security
rating for "Trusted Systems" when properly configured.
Unfortunately, too many iSeries systems are not properly configured.
End users can access OS/400 data via tools like ODBC, FTP, and
DDM. The security exposures introduced by network data access tools
like FTP and ODBC do not indicate a failing on the part of iSeries
and AS/400 security. Rather, the data access level you provide
to a user via iSeries and AS/400 security for "Green Screen" access
using menus and screens may not be the same level of access you
want to allow using network tools like ODBC. For instance, the
OS/400 authority that allows a user to view the contents of
the Payroll file is the same authority needed to download the file to
a PC and post it on the Internet.
Q: What does PowerLock NetworkSecurity do?
A: PowerLock NetworkSecurity
interfaces directly with AS/400 and iSeries network access points
to control and audit AS/400 and iSeries network access requests.
PowerLock NetworkSecurity provides intrusion detection and access
control for iSeries systems. PowerLock NetworkSecurity alerts the
system administrator when unauthorized access is attempted through
the network.
Q: Does PowerLock NetworkSecurity include a reporting module?
A: Yes, PowerLock
NetworkSecurity includes auditing, reporting, and network access
control without having to purchase any additional software.
Q: What product values are required for PowerLock NetworkSecurity
and are they set up as part of the installation?
A: The following product
values are created as part of the PowerLock NetworkSecurity installation
process: Product Owner, Product Library, Product Administrator,
Log Journal Name and Log Journal Library, Log Message Queue Name
and Log Message Queue Library.
Q: Does PowerLock NetworkSecurity interface with IBM Operations
Navigator?
A: The graphical user
interface (GUI) provided with PowerLock NetworkSecurity is a plugin
to IBM’s
Operations Navigator (Ops Nav). When you perform the installation
of PowerLock NetworkSecurity on your iSeries or AS/400, you also
install the files necessary for the Ops Nav plugin.
Q: Does PowerLock NetworkSecurity protect against users with IBM
Operations Navigator?
A: Yes. PowerLock
NetworkSecurity can control which users are allowed to use IBM’s Operations
Navigator.
Q: Do the servers need to be stopped and restarted to activate
a new security rule?
A: When you create
a new rule in PowerLock NetworkSecurity it is activated and implemented
immediately without stopping and restarting servers.
Q: What does the unique PowerLock NetworkSecurity “switch profile” function
do?
A: PowerLock NetworkSecurity
switch profile allows the administrator to decrease or increase
a user's authority for a specific function. For example, if a user
profile has authority to change or delete almost any file on the
system and to run most commands using FTP's Remote Command facility,
but you want to limit the capability when running FTP requests,
PowerLock NetworkSecurity will switch to another userID with READ
ONLY whenever FTP is run.
Q: Can users without PowerLock NetworkSecurity configuration authority
run and review reports?
A: Yes, PowerLock
NetworkSecurity is designed so non technical users can run reports
and view reports if granted the proper authority.
Q: Does PowerLock NetworkSecurity have transaction level security?
A: Yes. PowerLock NetworkSecurity
transaction level security is used when you need to be more granular
than controlling your network traffic based on the user making
the request or their location. Say you want to disallow all FTP
requests except for when Bob uses FTP to download the accounts
receivable file. Or, maybe you want to allow all SQL queries against
all files on your system, except if they are trying to access the
payroll file. Transaction level security assures this granular
level of security is maintained by controlling what transactions
are allowed to flow into or out of your system.
|