Kisco Systems
SafeNet/i : Support : Enhancements and New Features

The following is a list of recent changes and improvements made to SafeNet/i. Most changes are made as the direct result of a customer request. If you have changes you would like to see made to SafeNet/i, e-mail us at support@Kisco.com and we'll add your change to our list of possible implementations.


Register your E-mail address to receive an automatic notification when this product is updated.


SafeNet/i Recent Changes Log

Index:

SafeNet/i Release 11 Updates:

SafeNet/i Release 10 Updates:

SafeNet/i Release 9 Updates:

SafeNet/400 Release 8 Updates:


Release 11 Updates:

11.59: Support for CL commands in SQL

This release adds support for SQL access controls based on CL commands parsed from a SQL request.

This update is available via the Internet as a PTF package PCPTF1159. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from support@kisco.com. Instructions for installing the PTF will be provided along with the file. You must be current on all prior Release 11 PTFs before you can install this change.

With this release requires OS 7.3 or higher. 7.2 is no longer supported.


11.57: Support for new SQL verbs

This release addresses a problem where several newer SQL verbs are not being recognized by SafeNet/i and are getting rejected. Changes made in 11.56 caused "Unknown" verbs to get rejected, leading to unexpected rejections with some customers. The new verbs are CREATE ALIAS, DROP ALIAS, CREATE OR REPLACE, and VALUES.

This update is available via the Internet as a PTF package PCPTF1157. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from support@kisco.com. Instructions for installing the PTF will be provided along with the file. You must be current on all prior Release 11 PTFs before you can install this change.


11.56: SQL comments and new admin parameter

Updated the SQL parser code to bypass –double hyphened SQL statements (commented script lines).

Added a parameter to CHGSPCSET called RSTREGADM (Restrict Regular Admin?) The default is *YES restricted. This alternately allows you to turn OFF the normal regular admins restriction to *ALLLIB/*ALL object, *ALL Commands and the /* root IFS directory entries in WRKUSROBJ, WRKUSRCMD and WRKUSRPTH. It also removes the Regular Admin restriction to QGPL and QUSRSYS library entries in WRKUSROBJ.

This update is available via the Internet as a PTF package PCPTF1156. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from support@kisco.com. Instructions for installing the PTF will be provided along with the file. You must be current on all prior Release 11 PTFs before you can install this change.


11.55: SMS integration and FTP 2FA

SafeNet/i now integrates with our navtive IBM i SMS product, kConnect. This is a much more reliable way to send alerts and 2FA than the outdated email-to-text method. A separate product license is required.

This release also includes support to add 2FA authentication to FTP logins via the FTP exit point. See documentation for details.

This update is available via the Internet as a PTF package PCPTF1155. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


11.53: SQL parsing updates.

A new SQL verb, "VALUES", is now supported.

If a SQL statement includes a verb that is unknown to SafeNet/i, it will be shown on the On-Line Transaction Tester as *Unknown. If the SQL exit point is set to level 4, it will be rejected.

This update is available via the Internet as a PTF package PCPTF1153. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


New option to log rejects to QAUDJRN.

An option has been added to SafeNet/i that lets you optionally post SafeNet/i rejects to the IBM i OS system security journal (QAUDJRN).

This update is available via the Internet as a PTF package PCPTF1114. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


Significant performance enhancement.

For customers running the most recent versions of the IBM i OS (7.3 with TR8 applied or later), we have added a new environment option to use the native IBM SQL parsing routine. Prior to this point we found that the IBM routine was not as efficient as our own home grown parser. With recent changes in the IBM i OS we now know that the IBM routine works much better. SafeNet/i has been updated to give customers a choice as to which SQL parsing routine to use to enforce object security.

This update is available via the Internet as a PTF package PCPTF1112. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


Support Added for new SQL Verbs.

Support has been added for the SQL verbs "SET SESSION" and "SET SESSION_USER".

This update is available via the Internet as a PTF package PCPTF1111. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


QRadar interface enhanced.

At the request of several customers, the QRadar interface has been enhanced to allow for all SafeNet/i Transaction History to be fed to QRadar. Prior to this update, only rejected transactions were made available.

This update is available via the Internet as a PTF package PCPTF1110. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 11 PTFs before you can install this change.)


Socket exit points now optional.

Several customer have reported that following upgrading to SafeNet/i Release 11, which now includes support for three TCP/IP Socket exit points, they were seeing performance issues on their system. Some customers apparently have a very high level of socket activity on their systems. To avoid performance issues and allow customers to phase in Socket exit point controls, we have now made implementation of the Socket exit points optional.

When you first upgrade to release level 11.08 or higher from Release 10 or earlier, the Socket exit points will not be activated. There is now an article on the FAQ page in SafeNet/i support with specific instructions on how to active (or de-activate) these specific exit points.


Two-Factor Authentication Feature Added.

A Two-Factor signon authentication (2FA) feature has been added to SafeNet/i. It can be used in conjunction with the SafeNet/i Web-Central browser interface for SafeNet/i administration and it can also be used for implemention of 2FA for your 5250 terminal signon processes.


New release now available.

Kisco announced a new release of SafeNet/i today, Release 11. The new release features new TCPIP socket access controls along with a redesigned user interface that brings all rules together in a single display. Please review the website for more details, including the press release section.


Release 10 Updates:

Two new support commands added to SafeNet/i.

Two new commands have been added to SafeNet/i that customers can use at their discretion.

The new LOGTOSAFE command can be used to create custom log entries in the SafeNet/i Transaction History file. This allows customers to add content to the Transaction History of their own authorship. This can help especially when the customer is also using the interface to IBM's QRadar software.

The new SNIRESYNC command can be used by customers for force reindexing of user indexes and user spaces when control files use by SafeNet/i are updated by a process other than the menu options or web interface provided in SafeNet/i. This can happen when files are updated on one system and then automatically transferred to another system that is also running SafeNet/i.


Utilization Reports by Group Profile.

When running the utilization reports from the SN4 menu, you can now specify a single Group Profile as a selection and all activity for that profile will then be included in the utilization report.

Also included in this update, all activate and de-activate processes in SafeNet/i are now being logged to the Transaction History file.

This update is available via the Internet as a PTF package PCPTF1046. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


Utilization Reports *OUTFILE option enhanced.

When running the utilization reports from the SN4 menu, a new option has now been added when you specify to create an *OUTFILE rather than a printed report. The new option will allow you to either *ADD records to a pre-existing file or *REPLACE records in the file. Using this option, multiple reports and be run on selected users to build up a comprehensive database for your reporting.

This update is available via the Internet as a PTF package PCPTF1044. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


User exit parameters updated for the FTP Logon point.

The optional user exit program for the FTP Logon point has been changed so that the parameters passed match those used by the IBM OS exit point. See the PTF documentation for more details. If a customer has a user exit registered to the FTP Logon point through SafeNet/i, advance planning for this change is required.

This update is available via the Internet as a PTF package PCPTF1042. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


New Copy To Remote (CPYTORMT) command added.

A new command has been added to the SafeNet/i product to facilitate copying rules and rule sets from one system to another that is also using SafeNet/i.

This update is available via the Internet as a PTF package PCPTF1042. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


Logging of profile swap activity added.

SafeNet/i has now been updated to log user profile swap activity. Prior to this update, customers had to verify swap information using the system security audit journal. Now, swap activity will be logged in the SafeNet/i Transaction History file and can be viewed and reported.

This update is available via the Internet as a PTF package PCPTF1041. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


Performance Improvements, FTP Logon change, Super-User Lookup change, IPv6 address resolution change.

With this release update, SafeNet/i includes the following changes:

  1. Several performance improvements have been implemented that will help across all applications by implementing user spaces and user indexes to replace traditional file I/O when doing security authentication processing.
  2. The FTP logon process can now optionally log user profile activity in the profile information on the system.
  3. The Super-User authentication process has been streamlined to improve performance.
  4. The IPv6 network address process has been streamlined to improve performance.

This update is available via the Internet as Release 10.40. Registered customers of SafeNet/i can obtain this upgrade by just requesting it from us. It is NOT available as a PTF due to the complexity of the change. To request the upgrade, click on the E-mail link at the start of this page. New customers ordering Release 10.40 or higher will have this new feature included.


Support added for IPv6.

With this release update, SafeNet/i can now capture and report network activity made using the IPv6 Internet protocol for device addressing.

This update is available via the Internet as Release 10.39. Registered customers of SafeNet/i can obtain this upgrade by just requesting it from us. It is NOT available as a PTF due to the complexity of the change. To request the upgrade, click on the E-mail link at the start of this page. New customers ordering Release 10.39 or higher will have this new feature included.


New SQL verb support added & more.

The SQL verb "MERGE INTO" is now supported by SafeNet/i.

In addition, the core object authorization routines have been recoded and optimized to improve performance. The result is even better performance overall for SafeNet/i and better storage use efficiency.

This update is available via the Internet as Release 10.35. Registered customers of SafeNet/i can obtain this upgrade by just requesting it from us. It is NOT available as a PTF due to the complexity of the change. To request the upgrade, click on the E-mail link at the start of this page. New customers ordering Release 10.35 or higher will have this new feature included.


Three significant enhancements added to SafeNet/i.

Three major enhancements have been added to SafeNet/i with this announcement.

First, SafeNet/i now supports context sensitive source IP address access controls. SafeNet/i has always supported source IP address controls for accessing by Telnet and FTP. With this change, this control is extended out to all server functions where the source IP address is available, which means almost all of the security related exit points. And, these controls can be implemented by user profile.

Using this feature, a user profile might be granted access to the system for FTP, but denied access for ODBC from a given source IP address (or IP address range). This will allow customers, for example, to limit ODBC connections to users when they are on site and deny similar access when they are working remotely.

The second enhancement implemented today is that remote Telnet users can now be restricted to only those users who are using an SSL protected connection. For customers using SSL for Telnet sessions, this can guarantee that those 5250 data streams are secure.

The third enhancement is that a new type of SafeNet/i Administrator account is now supported. This new Administrator function is a "read only" admin who can check and review security settings in SafeNet/i but is not permitted to make any changes. This is helpful when going through a security audit and will allow an auditor to review settings without letting them make any changes, accidental or otherwise.

This update is available via the Internet as a PTF package PCPTF1025. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.)


SSL status captured on Telnet connections.

At the request of a customer, we have added additional data about Telnet connections to the Transaction History file, including the SSL status of the connection. Initially, this information is only being displayed using the On-Line Transaction Tester process.

This update is available via the Internet as a PTF package PCPTF1019. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.19 or higher will have this new feature included.


New report command added.

A new report, Print ALL Usage Reports (PRTSNUSG) has been added to SafeNet/i. This will let you run all usage reports for selected profiles which can be helpful in checking to see exactly how a profile is being used on your system.

This update is available via the Internet as a PTF package PCPTF1016. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.16 or higher will have this new feature included.


New transaction testing options added.

At the request of a customer, we have added two new transaction testing options to SafeNet/i.

First, you can now set up a set of rules under the new special user profile of *TESTUSER. Then, using the On-Line Transaction Testing feature already built into SafeNet/i, you can test a set of transactions against this special user profile by asking the tester to do a profile swap with *TESTUSER. This will allow you to test rules changes safely before actually implementing them. The Copy SafeNet User command (CPYSNUSR) has been updated to allow you to copy a set of rules for a given user into *TESTUSER and then, when you are done, to copy the updated rules back to the live user profile.

The second testing change that has been implemented is that the Auto Enrollment reports for each server function (using the PRTxxxUSG commands) have all been updated so that you can test failing transactions. Using this feature, you can retest a failed transaction and discover all possible rules violations, not just the first one found through normal transaction testing.

This update is available via the Internet as a PTF package PCPTF1015. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.15 or higher will have this new feature included.


Several major enhancements implemented - see details.

This update includes the following enhancement to SafeNet/i Release 10:

  1. SafeNet/i can now be fully integrated into IBM's QRadar family of products. The new interface is now documented in a separate set of user instructions available via download from the SafeNet/i website.
  2. Customers can now select the sequence used by SafeNet/i when performing security authorization lookups. Multiple search sequences are now available.
  3. Path requests for QSYS.LIB objects are now standardized.
  4. The various PRTxxxUSG commands (including PRTSECRPT) can now be run against any archive library file.
  5. New performance options are now available when running the SafeNet/i log file purge process (STRPRGARC).
  6. Profile swapping has been enhanced to allow selection of a swap profile based on the server being accessed.

This update is available via the Internet as a PTF package PCPTF1011. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.11 or higher will have this new feature included.


Support for integration with SAP *SQL exit point registration.

Customers who run SAP on their IBM i platform have reported a conflict with the *SQL exit point when the SAP exit program is registered there. When this happens, SafeNet/i sees the SAP exit program and does not register the appropriate SafeNet/i program, flagging the point as level 5. Since the SAP exit point does not provide security features and controls, these customers will want to have SafeNet/i work when the SAP exit program is registered.

SafeNet/i has been upgrade to accomodate this change. Detailed instructions are now included telling our SAP customers how to configure this to use both the SAP exit program and the SafeNet/i exit controls for security.

This update is available via the Internet as a PTF package PCPTF1009. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.09 or higher will have this new feature included.


Limited support for Web-Central Interface added for SafeNet/i customers.

With this change, Kisco is now providing some limited support for the new Web-Central interface for our SafeNet/i Lite customers. The SafeNet/i dashboard will work and access to the transaction history logs is now supported.

This update is available via the Internet as a PTF package PCPTF1001. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 10 PTFs before you can install this change.) New customers ordering Release 10.01 or higher will have this new feature included.


New release now available.

Kisco announced a new release of SafeNet/i today, Release 10. The new release features a browser based interface to administer the software called "Web Central". Please review the website for more details, including the press release section.


Release 9 Updates:

FTP sessions using SSL are now identified.

Effective date: 07/18/2013 - Release 9.10

FTP sessions that are connecting over an SSL encrypted connection are now identified by SafeNet/i. When looking at the On-line Transaction Review or on reports, these connections will now be shown with the description "Connected via SSL".

This update is available via the Internet as a PTF package PCPTF910. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 9 PTFs before you can install this change.) New customers ordering Release 9.10 or higher will have this new feature included.


Support added for texting alerts to your cell phone.

Effective date: 06/14/2013 - Release 9.09

With this change, the CHGNOTIFY command will now accept email addresses that start with numeric characters. Because of this change, you can now enter a cell phone number based email address and send alert notices to cell phones in addition to the other options already available.

This update is available via the Internet as a PTF package PCPTF909. Registered customers of SafeNet/i can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 9 PTFs before you can install this change.) New customers ordering Release 9.09 or higher will have this new feature included.


New restriction added when starting the logging process.

Effective date: 08/24/2012 - Release 9.06

When the SafeNet/i transaction history purge process runs, it normally shuts down the SafeNet/i logging process and then restarts it at the exact right point in time. In some shops, when someone notices that the logging process is not active, they try to start it while the purge is still active. As of this release, the start logging command will not work if the purge is running. This will help avoid conflict errors.

This update is available via the Internet as a PTF package PCPTF906. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 9 PTFs before you can install this change.) New customers ordering Release 9.06 or higher will have this new feature included.


Time selection added to Service File extract.

Effective date: 06/26/2012 - Release 9.05

Two new parameters have been added to the Service File extract process that is used to send analysis information to Kisco. These two new parameters, in the SNDSVCFILE command (option #7 on the INSTALL menu) let you narrow the selection down to a specific starting and ending time span.

This update is available via the Internet as a PTF package PCPTF905. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 9 PTFs before you can install this change.) New customers ordering Release 9.05 or higher will have this new feature included.


New release now available.


Release 8 Updates:

Improvements made to Security Report by User.

Effective date: 12/01/2011 - Release 8.B3

At the request of a customer, we have made two changes to the Security Report by User, option #1 from the SN4 reports menu. First, a new parameter has been added to let the customer request that if there is no content selected for the report, then it is not generated at all. Second, the report now includes not only the user profile, but the descriptive text associated with that user profile.

This update is available via the Internet as a PTF package PCPTF8B3. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.B3 or higher will have this new feature included.


Alternate SafeNet/400 administrative security option added.

Effective date: 10/26/2011 - Release 8.B2

We have now implemented an alternate product administration methodology for SafeNet/400 that allows you to redefine what regular product administrators can do with the product and what super administrators can do. This change also adds a new security restriction to the Change SafeNet Special Setting (CHGSPCSET) command that only allows super admins to use it. This may have adverse affects if your have use of this command built into your system backup process. Please see the important warning information that comes with the PTF before you install the PTF.

This update is available via the Internet as a PTF package PCPTF8B2. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.B2 or higher will have this new feature included.


New option added for the Executive Summary Report.

Effective date: 5/16/2011 - Release 8.A5

A new option has been added to the SafeNet/400 Executive Summary Report that allows you to run the report in summary format. The summary format will run much faster than the detail form since it does not have to search the transaction history file for specific transaction information.

This update is available via the Internet as a PTF package PCPTF8A5. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.A5 or higher will have this new feature included.


Support added for Kerberos single signon processing.

Effective date: 5/12/2011 - Release 8.A4

Based on a customer request, we have enabled an option in SafeNet/400 that will allow you to use Kerberos single signon software with your IBM i running SafeNet/400.

This update is available via the Internet as a PTF package PCPTF8A4. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.A4 or higher will have this new feature included.


New option on SQL Usage Report command.

Effective date: 10/04/2010 - Release 8.98

When running the SQL Usage Report (command PRTSQLUSG), a new option gives you control over the amount of SQL information included in the *OUTFILE when you also select that option. This lets you either include or exclude the full SQL statement from the data stream you are extracting. Excluding the full SQL statement can result in significant disk space savings while running the report and for storing the *OUTFILE results.

This update is available via the Internet as a PTF package PCPTF898. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.98 or higher will have this new feature included.


Improved reporting programs replace old reports.

Effective date: 09/17/2010 - Release 8.95

All of the report programs accessed from the SN4 menu in SafeNet/400 have been updated. The changed programs include very improved performance, especially for customers with large transaction history files to be processed. In some cases, we have found where the new report, using selection critera, runs in one fourth the amount of time when compared to the older reports. The report output formats remain unchanged.

This update is available via the Internet as a PTF package PCPTF895. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.95 or higher will have this new feature included.


New Twitter Alert notification option added to SafeNet/400.

Effective date: 06/24/2010 - Release 8.84

With this change, SafeNet/400 Alerts can now be sent as Tweets through the Twitter short message service. Using modules from Kisco's Twitter interface product, SNDTWEET, SafeNet/400 can now post security alert messages through Twitter to notify registered users who follow a secure Twitter account that you set up for your System i.

This update is available via the Internet as a PTF package PCPTF884 which also includes additional fixes. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.84 or higher will have this new feature included.


Extra security option added for Transaction History File.

Effective date: 05/19/2010 - Release 8.83

A new option for imposing extra security on the SafeNet/400 Transaction History file has been added to prevent anyone from altering the file. The default security configuration for this file (named TRAPOD in library PCSECDTA) has the file secured by the SAFENET authorization list. As such, the only users who have full access to the file are SafeNet/400 Administrators plus anyone else with all object (*ALLOBJ) authority. Normally, this should be sufficient security since all of these users fall into the category of security officers.

Some customers, however, need an extra level of security for this file in order to satisfy strict audit requirements. For these customers, we have implemented the SETTRAP command which can activate additional security for the TRAPOD file. Using the command can toggle this security on and off.

This update is available via the Internet as a PTF package PCPTF883 which also includes additional fixes. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.83 or higher will have this specification change included.


Journaling status now reported in Executive Summary report.

Effective date: 05/17/2010 - Release 8.82

At the request of a customer, we have added a status line to the SafeNet/400 Executive Summary Report to indicate whether file journaling for the SafeNet/400 control files is currently active or not active.

This update is available via the Internet as a PTF package PCPTF882 which also includes additional fixes. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.82 or higher will have this specification change included.


On-Line Transaction Review Upgraded and Improved.

Effective date: 01/08/2010 - Release 8.77

The On-Line Transaction Review process, option #9 on the SN2 menu, has been completely rewritten. The new program includes much improved performance, especially when used with filtering options. Also, a new option has been added that allows you to work with transactions in descending sequence, bringing the most recent transactions to the top of the display.

This update is available via the Internet as a PTF package PCPTF877 which also includes additional fixes. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.77 or higher will have this specification change included.


Data queue status reporting added to Executive Summary Report.

Effective date: 12/29/2009 - Release 8.76

The SafeNet/400 Executive Summary Report (option #10 on the INSTALL menu) has been updated to show that current status of the SAFEQ data queue for your installation. If the data queue is either damaged or missing, a message indicating that the data queue is in exception condition will be listed. If no exception exists, then it will report that the data queue is normal.

This update is available via the Internet as a PTF package PCPTF876 which also includes additional fixes. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.76 or higher will have this specification change included.


New SAFELOGING subsystem status information added to Executive Summary Report.

Effective date: 10/14/2009 - Release 8.71

New status information about the SAFELOGING subsystem has been added to the SafeNet/400 Executive Summary Report (option #10 on the INSTALL menu). This new information will show you whether the subsystem is active, and if it is active, what tasks are running and their current state.

This update is available via the Internet as a PTF package PCPTF871. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.71 or higher will have this specification change included.


SafeNet/400 Administrator can now be a group profile.

Effective date: 10/14/2009 - Release 8.71

When creating a SafeNet/400 Administrator, SafeNet/400 will now let you enroll at the group profile level. When you do this, all members of the group will be considered to be SafeNet/400 Administrators relieving you of the need to enroll them individually.

This update is available via the Internet as a PTF package PCPTF871. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.71 or higher will have this specification change included.


Transaction History Purge process improved.

Effective date: 10/09/2009 - Release 8.70

Two improvements have been made to the Transaction History File (TRAPOD) purge process. With this release change, every time a purge is run, a special audit record will be written to the Transaction History File to note that the purge was run. Also, the purge criteria now takes the time of day into account when running the purge. So, if a purge is run to keep the last 2 days of history on file, for example, the two day period will be up to the time when the purge was started.

This update is available via the Internet as a PTF package PCPTF870. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.70 or higher will have this specification change included.


New option added to ADDUSRPTH command

Effective date: 03/11/2009 - Release 8.65

SafeNet/400 allows you to specify *EXCLUDE access for a user to an object path. Until this change, that option could only be set manually by using option #7 on the SN1 menu. With this change, you can now create an exclude option for an user/object combination from the command line using the ADDUSRPTF command.

This update is available via the Internet as a PTF package PCPTF865. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.65 or higher will have this specification change included.


Run Security Report from archived history

Effective date: 02/18/2009 - Release 8.63

With this change, a new option on the Print Security Report by User command (PRTSECRPT) allows you to specify that the report be run based on information stored in the transaction history archive file. Prior to this change, the archived information had to be restored to the active file before any reporting was possible.

This update is available via the Internet as a PTF package PCPTF863. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.63 or higher will have this specification change included.


New option added to command

Effective date: 02/09/2009 - Release 8.62

SafeNet/400 allows you to specify *EXCLUDE access for a user to an object. Until this change, that option could only be set manually by using option #3 on the SN1 menu. With this change, you can now create an exclude option for an user/object combination from the command line using the ADDUSROBJ command.

This update is available via the Internet as a PTF package PCPTF862. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.62 or higher will have this specification change included.


New report added to SafeNet/400

Effective date: 05/20/2008 - Release 8.51

At the request of a customer, we have added a new report to SafeNet/400 that produces a list of the SafeNet/400 Administrators currently registered. There is also an optional feature that allows you to create this list in an *OUTFILE format for use in your own reporting systems.

This update is available via the Internet as a PTF package PCPTF851. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.51 or higher will have this specification change included.


Interim release 8.50 of SafeNet/400 now available

Effective date: 05/06/2008 - Release 8.50

An interim release level, Release 8.50, is now available for SafeNet/400. This release includes the following new features:

  1. The FTP Client exit program has been enhanced with new object level controls. This feature now supports a setting at level 4 so that you can control which objects FTP Client users are allowed to use on your System i during their FTP Client session.
  2. The FTP Client exit program has been enhanced with IP address controls. When the FTP Client is used at either level 3 or level 4, you can now control which IP addresses the FTP Client user is allowed to connect with.
  3. The email alert notification process for SafeNet/400 has been enhanced and simplified. You now will no longer need to maintain SMTP destination addresses in the System i directory. SafeNet/400 Release 8.50 lets you specify the destination email addresses directly. Also, the notification email message will now contain a summary of the violations that have occurred.
  4. SafeNet/400 release updates are now available to all current customer via a download option. Up to this point, release upgrades had to be processed from a source CD provided by Kisco Information Systems. With this new capability, Kisco will make an ISO CD image file available to current customers via download thereby eliminating delays due to shipping.
  5. Release 8.50 includes interim updates to all SafeNet/400 documentation. Check the SafeNet/400 Download page to get the latest versions of all documentation or just request copies from Kisco Information Systems by email request.

This update is available via the Internet as a PTF package PCPTF850. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.50 or higher will have this specification change included.


SafeNet/400 is now V6R1 Ready

Effective date: 03/06/2008 - Release 8.21

In preparation for the major new release of i5/OS (OS/400) from IBM, SafeNet/400 is now ready for this new release. A minimum release level of 8.21 will be required for customers moving to this new release level from IBM.

This update is available via the Internet as a PTF package PCPTF821. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.21 or higher will have this specification change included.


Rejection detail list added to Email alert notification

Effective date: 10/09/2007 - Release 8.15

At the request of a customer, we have enhanced the email alert notification process. With this change, when you are using summarized alerts, SafeNet/400 will include an attachment with your email notice that will contain details about each of the alerts included in the summary. With this, you can quickly see the nature of the alerts without having to access your server first.

This update is available via the Internet as a PTF package PCPTF815. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.15 or higher will have this specification change included.


New option to exclude a specific exit point from SafeNet/400 processing

Effective date: 07/19/2007 - Release 8.11

At the request of a customer, we have added an option so that you can flag any exit point on the system to be excluded from SafeNet/400 processing when the product is activated and deactivated. Use of this option will open up a security exposure on your system, so we do not recommend that you use this without consulting first with Kisco support staff. Some customers, however, may find that their system requires that a specific exit program from SafeNet/400 be excluded on their system.

This update is available via the Internet as a PTF package PCPTF811. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.11 or higher will have this specification change included.


New option to select all SQL statements for a user profile

Effective date: 06/28/2007 - Release 8.09

A new option has been added when you select SQL statements being authorized for a user profile. The new *ALL Statements option will allow you to authorize all SQL verbs for a user profile without having to go through and select each one from the several display panels presented.

This update is available via the Internet as a PTF package PCPTF809. Registered customers of SafeNet/400 can obtain this PTF as an E-mail attached file by just requesting it from us. Instructions for installing the PTF will be provided along with the file. To request the PTF, click on the E-mail link at the start of this page. (Note: You must be current on all prior Release 8 PTFs before you can install this change.) New customers ordering Release 8.09 or higher will have this specification change included.