
SafeNet/400 protects your iSeries system from unwanted and unauthorized access via network connections, including the Internet. It lets authorized users do the work they need while keeping unauthorized users out. Modern network connections, like Client Access/400, FTP, ODBC and others, can leave the information on your AS/400 exposed. SafeNet/400 closes this exposure, and it does it without forcing you to change the way you already have your system set up.

The iSeries-AS/400 has changed much over the last few years. In the process, it has changed its role in most organizations from a centralized processor to a decentralized server. In the old days, you could easily point to the wealth of data security features built into OS/400. This gave you a feeling of confidence in the integrity of your data. With the recent changes, your confidence may not be as high, and rightly so!

Most iSeries-AS/400 installations support attached PCs in some form of Client/Server function. For some shops, this takes the form of PCs that are simply running terminal and printer emulation. Many more shops are running a variety of Client/Server functions on these PCs. Neither of these arrangements bodes well in the area of network security; read on.

Did you know...

  • Many Client/Server functions bypass traditional OS/400 security checking unless you have fully implemented object level security.
  • Without this same full implementation of object level security, a PC-based Client database tool, such as Microsoft Access, can ACCESS any data file on your system.
  • That same MS Access user can UPDATE any data file on your system.
  • The same MS Access user can even DELETE records or files on your system.

While it is true that you can trust most employees, accidents, not intent, cause most incidents of data loss. Further, if you have implemented traditional iSeries applications using menus and iSeries programming, you may have been required to grant full object authority to many users. You may not want these same users to have full object authority when they access your system via Client/Server functions. Using traditional iSeries applications, the application controls how much data access is granted. Object security, however, cannot be as context selective for granting rights to access information.

The news, however, is not all bad.

SafeNet/400, a security product for the IBM AS/400 developed by MP Associates of Westchester, addresses these and other concerns with an easy-to-use solution. This new tool, now available as Release 8, gives you full control over users who access your system via network connections. Check our partial list of customers currently using SafeNet/400 to protect their systems.

SafeNet/400 enables client/server security on your AS/400 using IBM's Exit Points. It supports a variety of controls from simple logging of all activity to completely restricting access to system functions and data. And it does this in a completely non-invasive manner. No changes are made to your existing OS/400 security setup. No additional user profiles are needed nor are normal OS/400 security features changed or overridden in any way. SafeNet/400 is simply an additional layer of security that is placed over standard OS/400 security to secure information requests from attached systems.

Check out these features:

  • Request Logging - With basic use, SafeNet/400 tracks each request coming from a client into the iSeries. It stores this information in a log that you can review. You can see who is accessing your system, which server function on the iSeries they are using, and what data or objects they are using.

  • Audit Reports - SafeNet/400 provides valuable insight about the clients that are connecting to your system. Information includes the version, release and modification level of the licensed programs the clients are using. For example, using SafeNet/400, you can tell which PCs are still using PC Support/400 and which ones have been updated to Client Access/400.

  • Limit Access to Server Functions, Based on User Profile - SafeNet/400 can limit access to specific server functions on the AS/400 based on the individual's user profile.

  • Exclude Server Functions - SafeNet/400 can turn off individual server functions. For example, you can completely exclude the file transfer function for all users on your iSeries if you wish.

  • Limit Access to Objects within Server Functions, Based on User Profile - SafeNet/400 can implement object level security over clients that are accessing the various server functions on the iSeries. Authority is granted by user profile to the individual servers. Then it grants each user authority to objects on the system.

  • Control Internet/Intranet Access - SafeNet/400 lets you limit Internet/Intranet access to specific workstations and IP addresses that you define. All others are automatically rejected when they attempt to use FTP, Telnet or WSG (Work Station Gateway) on your system. SafeNet/400 even lets you set up controlled use of Anonymous FTP on your system.

  • Control Remote Commands - SafeNet/400 lets you specify which users can submit remote commands to your AS/400 and what specific commands they are allowed to use. This control is provided for remote CL commands and for remote FTP commands.

  • Customer Exit Programs - SafeNet/400 gives you control over exit processing for any specific requirements that you have which are not covered by SafeNet/400. Each exit point can optionally call an exit routine that you provide for additional processing that is unique to your installation.

  • Time-of-Day, Day-of-Week Controls - lets you shut down server functions for selected users during non-business hours thereby significantly reducing your security exposure. This can also be extended to specific days of the week and holidays.

We designed SafeNet/400 for any installation where intelligent clients (PCs) are attached to an iSeries server. These clients have access to the data on the iSeries whether they access the system through a LAN or twinax connection, whether they are local or remote, or whether there is a single iSeries or multiple systems.

SafeNet/400 comes in four different "flavors" as follows:

SafeNet/400 Lite - is the same product that we formerly sold under the name "NSafe/400 Lite". This is a subset of SafeNet/400 Basic that provides network access controls down to the user-to-server level. It does not provide object level controls. Current NSafe/400 Lite customers will receive an upgrade to SafeNet/400 Lite for the new release.

SafeNet/400 Basic - is the same product that we have been selling as "SafeNet/400" since December 1996. It includes all of the network access controls available down to the user-to-object level. It is managed through a series of "green screen" interface displays.

SafeNet/400 Advanced - includes all the features of SafeNet/400 Basic plus the addition of our new Nav-Central PC client interface. This desktop tool lets you move away from the green screen interface for easier maintenance of your network environment on your iSeries-AS/400 platform. The Advanced product will work in a single system environment. SafeNet/400 Advanced also includes a copy of Norton AntiVirus for use in protecting the files in your IFS from computer viruses. This comes with complete instructions on how to best implement Norton AntiVirus in an iSeries-AS/400 environment. When you place an order for a free trial of SafeNet/400, this is the version that we will send to you.

SafeNet/400 Enterprise - includes all of the features of SafeNet/400 Advanced plus it allows you to manage multiple iSeries-AS/400 systems from a single desktop interface using the new Nav-Central PC client. Only one Enterprise upgrade fee is necessary to manage an entire network of systems.

How does SafeNet/400 work?

SafeNet/400 captures every incoming request from clients who attempt to access server functions of OS/400. These include SQL, ODBC, PC file transfers, FTP and more. It looks at each request, then acts on it depending on how much security you have defined. The rules you have set up for your iSeries are checked. When SafeNet/400 receives a legitimate request, it grants access and the information is processed. When a client makes a request that SafeNet/400 does not permit, it rejects the request and the information is not processed. Using this approach, SafeNet/400 lets you leave your iSeries setup and configuration in place, unlike a lot of other security products that force you to make invasive changes in the way you do things.

What is a Server?

With Client Access, IBM provides many basic client/server functions such as file transfer, remote printing, file serving through shared folders and access to the IFS. Each function in Client Access uses both client and server programs. For instance, the file transfer process uses a program on the PC (the client) to request a file from the AS/400 (the server).

However, don't think of the iSeries as a traditional file server. It has several specialized server functions included as part of OS/400. Each request from a client uses one of these server functions on the iSeries.

SafeNet/400 protects your system by interrogating requests to each server function and imposing the rules that you set up. This controls who gets access to your system and how much access they are granted. It does not replace or override OS/400 security. It works on top of OS/400. If you allow a user the right to delete a file through SafeNet/400, but OS/400 does not allow the same authority, then the request is rejected. Conversely, if OS/400 allows data deletion rights and SafeNet/400 does not, then the request is also rejected.

To get a better idea how this works, look at this diagram. It provides a visual image that helps to clarify where SafeNet/400 fits in your system. As you can see, without SafeNet/400, you may have a significant security exposure.

You should also check our on-line demo. Take a look at our partial list of customers currently using SafeNet/400 too.

SafeNet/400, developed by MP Associates of Westchester, is now available from Kisco Information Systems for a FREE TRIAL. Just place your order here. We'll ship a full working copy of the software to you for a FREE 30-day trial. Along with the software, we'll include an invoice for the software. At the end of the trial, you can either pay the invoice or return the software. It's that simple and there is no risk to you.

If you decide to purchase SafeNet/400, the price starts at $2,195.00 for up to 25 attached client systems. Check our price schedule if you have more than 25 users. Discounts are also available for installations with multiple iSeries systems installed.

Software support is FREE for your first year of ownership. After your initial period, annual software support will be available for 15% of the purchase price. Support will include unlimited telephone support, defect correction and free release updates.

We look forward to hearing from you. If we can help clarify any SafeNet/400 features, please call us at (518) 897-5002.


Price Information

Base price: $2,195.00 for a license that covers 25 network users. Licenses for additional users are available.

Maintenance: Free for first year of ownership. Annual fee equal to 15% of the purchase price thereafter.


Ordering Information

Available for a FREE 30-day trial

Place your order here for a FREE trial of SafeNet/400.

When ordering, check for PTFs that may be required on your system.

Kisco Information Systems 89 Church Street, Saranac Lake, NY 12983
phone: 518.897.5002 | fax: 518.897.5003
sales@kisco.com