NetIQ Updates OS/400 Security Software

NetIQ this week will begin shipping a new version of its iSeries security software designed to make it easier for OS/400 shops to lock down their systems. NetIQ Security Solutions for iSeries version 8.0 includes updates to several products, and includes new features such as a “Delta Checkup” baseline analysis tool, better support for OS/400 IFS and iASPs, and better integration with NetIQ’s cross-platform security configuration and enforcement products.

NetIQ has been in the OS/400 security business since it acquired PentaSafe Security Technologies almost three years ago. That purchase brought four OS/400 products to the San Jose, California, company, including PSAudit, PSDetect, PSSecure, and PSPassword–which collectively are known as NetIQ’s Security Solution for iSeries–in addition to PentaSafe’s VigilEnt line of cross-platform security tools, which live today as Security Manager and Vulnerability Manager.

With version 8.0 of the Security Solution for iSeries, NetIQ has focused heavily on improving the integration between its native OS/400 security components and the Security Manager and Vulnerability Manager products. In addition to offering the type of low-level security protection for Unix and Windows that the Security Solution for iSeries products offer to OS/400 systems, Security Manager and Vulnerability Manager provide OS/400 shops with functionality they can’t get other ways, including centralized management and reporting of security and audit settings across multiple OS/400 servers.

And that platform-specific knowledge contained within NetIQ’s product line can be very valuable to iSeries administrators, says Sacha Dawes, a product manager with NetIQ. “The iSeries can run five operating systems at once. Do you have the knowledge to protect them?” he says.

The new Delta Checkup Reporting functionality, for example, is delivered through integration between PSAudit and Vulnerability Manager version 5.5, which started shipping in April. Delta Checkup Reporting enables users to spot suspicious activity by rogue users or programs by comparing details of a baseline report established at the onset of usage and new reports that are subsequently run against the system. This new feature also has applicability in regulatory compliance environments.

Better integration between Security Manager and PSDetect provides OS/400 shops with real-time intrusion detection and policy enforcement from the Security Manager Windows GUI. Administrators can configure the NetIQ software to automatically send alerts or take pre-defined actions when it detects a security incident on OS/400 systems. Because Security Manager provides security protection for a range of operating systems–including Windows, Unix, Linux, and OS/400 (through Security Solution for iSeries)–a significant benefit here is Security Manager’s capability to detect and correlate events happening across different systems, and provide a unified defense against blended attacks.

Security Solution for iSeries 8.0 also brings some OS/400-centric improvements, including better support for Independent Auxiliary Storage Pools (iASPs) and the Integrated File System (IFS). Before this release, users could build reports about changes made to multiple IASPs and the entire IFS, but it required a lot of extra work and finagling to do so, says Pauline Brazil, a product manager with NetIQ. “Now we’ve introduced new reports to get information from various iASPs. Instead of running reports from all the iASPs, you just run it once,” she says.

There are close to two dozen reports administrators can now run against their iASPs, including the capability to look for new, damaged, or restored objects; new source or data files; or new libraries. As far as the IFS goes, administrators can now use Vulnerability Manager to run “task reports” against the IFS, looking for files with certain attributes, such as those that are set by user ID, by group ID, or files or directories that are rewriteable. These reports are also now included in the Delta Check Up baseline reporting analyzer, and can help administrators detect problems such as mis-configurations and Trojan Horses, Brazil says.

There’s never a bad time to improve security on a server that’s housing critical information about a business or its customers. In fact, considering that NetIQ continues to find that managers, administrators, and operators need education on the basics of iSeries security (yes, it is a very secure operating system, but support for standards like TCP/IP, SMPT, and FTP make it vulnerable if exit points are not solidified), now is probably a really good time to take a closer look at your iSeries network configuration.

In fact, Dawes sees IBM‘s big drive to bring visibility of the iSeries, and IBM touting the iSeries’ capability to run different operating systems, as perhaps having unintended consequences. “We’re going to see a greater number of attacks against i5/OS. They [iSeries] are housing critical information,” Dawes says. In general, customers are not very open about the security problems they’ve had. But an up tick in interest about iSeries security from NetIQ’s customers says that NetIQ’s customers are worried about this.

The pricing and packaging of the NetIQ Security Solution for iSeries has also changed. PSPasswordManager, which identifies OS/400 users with passwords that are easily guessed, is no longer a separate product and is now a part of PSSecure with version 8.0. Also, pricing for the entire suite is no longer based on the size of the machine and the number of users, but is based on the number of LPARs (logical partitions) that the software is installed on.

Pricing for the full bundle of PSSecure, PSAudit, and PSDetect starts at $8,000 per LPAR. The software is expected to be available later this week. Vulnerability Manager and Security Manager cost extra. For more information, visit www.netiq.com.