Guard your system unattended, day and night
You can make your security policy
more aggressive and more proactive with the SmartConsole
automated actions, closing down security holes
immediately, around the clock, without operator intervention.
For example, you can protect against
changes to key system values. If the system security
level is unexpectedly changed from 50 to 30, the Security
Agent can automatically:
- change the security level back to 50
- end the job that made the change
- disable the user profile that was used
- send an alert describing what occurred
All of this is done in seconds.
The Security Agent also provides
auditing reports that identify weaknesses and limitations,
allowing continuous improvement of your security policy.
It even reveals security holes caused by vendor packages,
so you can demand modifications.
Identify real security issues
The advanced filter criteria allow
you to fine-tune the Security Agent to pinpoint real
security issues, rather than everyday user mistakes.
For example, apparently isolated
events may be received within a short space of time:
a failed sign-on attempt, a rejected object or spool
file access. Those things can happen all the time
on your system. But the SmartConsole will notice that
they all came from the same user profile, or from
the same device, or the same IP address, and warn
you or take action.
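The correlation described above, sketched as an added example (this is not the product's code): different kinds of rejected events are grouped by user profile, device and IP address, and an alert is raised when enough distinct kinds share one value inside a time window. The event type names, the 5-minute window, the threshold of three and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (time, event type, user profile, device, IP address).
# The event type labels are hypothetical, not real audit journal entry types.
EVENTS = [
    ("2024-03-01T02:14:05", "SIGNON_FAILED", "JSMITH", "QPADEV0007", "10.0.4.21"),
    ("2024-03-01T02:15:10", "OBJECT_ACCESS_DENIED", "GUEST01", "QPADEV0009", "10.0.4.21"),
    ("2024-03-01T02:16:40", "SPOOL_ACCESS_DENIED", "GUEST01", "QPADEV0009", "10.0.4.21"),
    # Everyday mistakes: one user mistyping a password twice, then one denied
    # object access hours later. These must not raise an alert.
    ("2024-03-01T09:02:00", "SIGNON_FAILED", "MLEE", "QPADEV0003", "10.0.7.15"),
    ("2024-03-01T09:02:20", "SIGNON_FAILED", "MLEE", "QPADEV0003", "10.0.7.15"),
    ("2024-03-01T11:30:00", "OBJECT_ACCESS_DENIED", "MLEE", "QPADEV0003", "10.0.7.15"),
]

ATTRIBUTES = ("user", "device", "ip")


def correlate(events, window=timedelta(minutes=5), min_types=3):
    """Return one alert (attribute, value, time, event types) for each
    attribute value that collects min_types distinct event types in window."""
    recent = defaultdict(deque)  # (attribute, value) -> deque of (time, type)
    alerted = set()              # alert once per attribute value
    alerts = []
    for ts, etype, user, device, ip in sorted(events):
        now = datetime.fromisoformat(ts)
        for key in zip(ATTRIBUTES, (user, device, ip)):
            queue = recent[key]
            queue.append((now, etype))
            # Drop events that have aged out of the sliding window.
            while now - queue[0][0] > window:
                queue.popleft()
            types = {t for _, t in queue}
            if len(types) >= min_types and key not in alerted:
                alerted.add(key)
                alerts.append((key[0], key[1], ts, sorted(types)))
    return alerts


if __name__ == "__main__":
    for attribute, value, ts, types in correlate(EVENTS):
        print(f"{ts} ALERT {attribute}={value}: {', '.join(types)}")
```

In the sample data no single user profile or device reaches the threshold, because the sign-on failure and the access denials use different profiles; only the shared IP address ties the three events together.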
Integrate with other security systems
The Security Agent is a valuable complement to other
systems, such as exit-point security and firewalls.
Those technologies control entrance to your system,
like a country's "customs control". The
Security Agent is your internal "police"
force, monitoring the activities of users inside your
system.
Unlike other dedicated security
solutions on the market, the Visual Message Center
product also manages your iSeries system messages,
Windows Event Logs, TCP/IP services and more. You
can achieve significant benefits in efficiency and
service level by consolidating security with those
operations management tasks.
Technical Overview
The iSeries Security Agent configures
system auditing rules, and then manages security-relevant
audit messages using powerful filters. The enriched
messages can be used to send immediate alerts, take
automated actions, audit system security and analyze
possible weaknesses.
The Security Agent detects events,
system-wide or by user:
Object auditing
Changes and access to objects,
e.g. delete, copy, rename, restore, authority change,
read, edit. Examples include:
- Delete, copy or edit database
file containing customer data
- Read or copy spool file
containing salary information
Command auditing
Any command line entries, e.g.
- commands run by a suspect user profile
- use of sensitive commands
System configuration auditing
- Creation or modification of user
profiles, e.g. creation of a suspicious new profile
- Changes to system auditing
- Changes to system values, e.g.
changes to system date, time, security level, IPL
info, action for number of failed sign-on attempts,
etc.
- Use of DST (Dedicated Service
Tools), e.g. changes to system configuration
Action auditing
- Authority failures, e.g. persistent
failed sign-on attempts, object access denied
- Programs changed to adopt authority
- Users obtaining adopted authority
- Profile swapping
Filters simplify event detection
and customization by allowing you to identify particular
objects, user profiles and commands. There is support
for generic, wildcard, date and time, and text string
criteria, and for extensive logical functions.