SafeNet/i protects your iSeries system from unwanted and unauthorized access via network connections, including the Internet. It lets authorized users do the work they need while keeping unauthorized users out. Modern network connections, like iSeries Access, Access Client Solutions, FTP, ODBC and others, can leave the information on your IBM i exposed. SafeNet/i closes this exposure, and it does it without forcing you to change the way you already have your system set up.
The IBM i (Power System/i, iSeries, IBM i) has changed much over the last few years. In the process, it has changed its role in most organizations from a centralized processor to a decentralized server. In the old days, you could easily point to the wealth of data security features built into the IBM i OS. This gave you a feeling of confidence in the integrity of your data. With the recent changes, your confidence may not be as high, and rightly so!
Every IBM i installation now supports attached PC's in some form of Client/Server function. For some shops, this takes the form of PC's that are simply running terminal and printer emulation. Many more shops are running a variety of Client/Server functions on these PC's. Neither of these arrangements bodes well in the area of network security; read on.
Did you know ....
While it is true that you can trust most employees, accidents, not intent, cause most incidents of data loss. Further, if you have implemented traditional iSeries applications using menus and iSeries programming, you may have been required to grant full object authority to many users. You may not want these same users to have full object authority when they access your system via Client Server functions. Using traditional iSeries applications, the application controls how much data access is granted. Object security, however, cannot be as context selective for granting rights to access information.
The news, however, is not all bad.
SafeNet/i, a security product for the IBM i developed by MP Associates of Westchester, addresses these and other concerns with an easy-to-use solution. This tool, now available as Release 11, gives you full control over users who access your system via network connections. Check our partial list of customers currently using SafeNet/i to protect their systems..
SafeNet/i enables client/server security on your IBM i using IBM's Exit Points. It supports a variety of controls from simple logging of all activity to completely restricting access to system functions and data. And it does this in a completely non-invasive manner. No changes are made to your existing IBM i/OS security setup. No additional user profiles are needed nor are normal IBM i/OS security features changed or overridden in any way. SafeNet/i is simply an additional layer of security that is placed over standard IBM i/OS security to secure information requests from attached systems.
Check out these features:
We designed SafeNet/i for any installation where intelligent clients (PCs) are attached to an iSeries server. These clients have access to the data on the iSeries whether they access the system through a local or remote connection, or whether there is a single iSeries or multiple systems.
SafeNet/i comes in two "flavors":
SafeNet/i Lite - is the same product that we formerly sold under the name "NSafe/400 Lite". This is a subset of SafeNet/i that provides network access controls down to the user-to-server level. It does not provide object level controls.
SafeNet/i - is the same product that we have been selling as "SafeNet/400" since December 1996. It includes all of the network access controls available down to the user-to-object level. It is managed through a series of "green screen" interface displays. You can also manage the product using our "Web Central" browser interface for a smooth GUI experience.
How does SafeNet/i work?
SafeNet/i captures every incoming request from clients who attempt to access server functions of IBM i/OS. These include SQL, ODBC, PC file transfers, FTP and more. It looks at each request, then acts on each depending on how much security that you have defined. Rules for your iSeries are checked. When it receives a legitimate request, it grants access and the information is processed. When they make a request that it does not permit, it rejects it and the information is not processed. Using this approach, SafeNet/i lets you leave your iSeries setup and configuration in place, unlike a lot of other security products that force you to make invasive changes in the way you do things.
What is a Server?
With Client Access, IBM provides many basic client/server functions such as file transfer, remote printing, file serving through shared folders and access to the IFS. Each function in Client Access uses both client and server programs. For instance, the file transfer process uses a program on the PC (the client) to request a file from the IBM i (the server).
However, don't think of the iSeries as a traditional file server. It has several specialized server functions included as part of IBM i/OS. Each request from a client uses one of these server functions on the iSeries.
SafeNet/i protects your system by interrogating requests to each server function and imposing the rules that you set up. This controls who gets access to your system and how much access they are granted. It does not replace or override IBM i/OS security. It works on top of IBM i/OS. If you allow a user the right to delete a file through SafeNet/i, but IBM i/OS does not allow the same authority, then it will reject the request. Conversely, if IBM i/OS allows data deletion rights and SafeNet/i does not, then it will also reject the request.
To get a better idea how this works, look at this diagram. It provides a visual image that helps to clarify where SafeNet/i fits in your system. As you can see, without SafeNet/i, you may have a significant security exposure.
You should also check our on-line demo. Take a look at our partial list of customers currently using SafeNet/i too.
SafeNet/i, developed by MP Associates of Westchester, is available from Kisco Systems for a FREE TRIAL. Just place your order here.
Software support is FREE for your first year of ownership. After this initial period, annual support charges will apply. Support includes unlimited email support, defect correction and free release updates.
We look forward to hearing from you. If we can help clarify any SafeNet/i features, please call us at (518) 897-5002.
Do you have questions about SafeNet/i? E-mail them to us
Available for FREE 30 day trial
Place your order here for a FREE trial of SafeNet/i.
When ordering, check for PTF's that may be required on your system.