System i Software

Firewall

Firewall protects and secures all types of access, to and from the System i, within or outside the organization, under all types of communication protocols. This robust, cost-effective security solution is by far the most intuitive and easy-to-use security software product on the market today. As part of iSecurity’s intrusion prevention system, Firewall manages user profile status, secures entry via pre-defined entry points, and profiles activity by time. Its “top-down” functional design and intuitive logic creates a work environment that even System i novices can master in minutes. Firewall features a user-friendly, Java-based GUI in addition to the traditional green-screen interface.

The Firewall Solution

Technological advances of recent years forced IBM to open up the System i to the rest of the world. This new access to System i data brought with it many of the security risks inherent in distributed environments. System administrators need to equip themselves with a new generation of security tools to combat these evolving threats.

Clear, easy navigation through hierarchy-based levels provide for quick, streamlined usage

Graphically analyze and report on Firewall logs

View specific Firewall log information

Firewall enhances the native System i by controlling access via all known external sources and controlling precisely what users are permitted to do once access is granted.

Key Features

• Incoming and outgoing TCP/IP address filtering for Internet, FTP, REXEC, Telnet, and DHCP
• Remote system (SNA) firewall protection for DDM, DRDA and Pass-through operations
• Intrusion Prevention System that triggers alerts and proactive responses to the security administrator via MSGQ, email or cell phone
• Customizable password dictionaries containing common or system specific words that cannot be used as passwords
• User Management capabilities containing comprehensive information and management of all user profiles, including sign-on time control
• Terminal screen security that protects unattended terminal screens, including PCs running terminal emulation software, from unauthorized use
• Built-in business intelligence tool that enables IT managers to graphically analyze security related system activity quickly and easily

User Security

• User-to-server security for all server functions and exit points
• Verb support provides control over the execution of commands for specific servers
• Internal profile groups simplify rule creation for specific groups of users
• DDM/DRDA security including pre- and post- validation user swapping
• Protection over user sign-on from Telnet - limits user access to specific IP’s and terminals
• Login control, including alternate user name support, for FTP, REXEC, WSG and Pass-through
• User-definable exit program support (global and per server)
• User management and statistics tools ease system and security tasks

Object Security

• Controls object access at the level of specific action, such as read, write, delete, rename, run, etc
• Secures native System i and IFS objects
• Protects files, libraries, programs, commands, data queues and print files
• Definable rule exceptions for specific users??

Server-Specific Configuration Settings

• Total user control over which transactions are logged and displayed
• Many pre-defined queries and reports
• Powerful report generator
• Wizard to generate accurate reports from Firewall log
• Redirecting output to an output file for further processing
• Print all Firewall definitions for review and documentation
• Flexible report scheduler enables reports processing at off peak
• Modify rules directly from Firewall log

Benefits

• Protects all System i exit points and servers - more than any other product on the market!
• Protects all communication protocols (TCP/IP, FTP, Telnet, WSG, Passthrough, etc.)
• Precisely controls what users may do after access is granted - unlike standard firewall products
• "Best-Fit" algorithm minimizes throughput delays by rapidly and efficiently applying security rules
• Rule Wizards dramatically simplify security rule definition
• State-of-the-art intrusion prevention guards against hackers
• Standard firewall protection provides IP address and SNA name filtering
• Protects both native and IFS objects - all of your databases are secured
• Remote logon security limits IP address to specific users at specific times
• Automatic sign-on with alternate user profile (usually with restricted authorities) enhances security when authorize users connect from remote locations
• Powerful report generator and scheduler