Raz-Lee Asks ‘What If’ With Firewall
October 9, 2019 Alex Woodie
Security administrators who feel challenged to keep up with the volume and variety of log data emanating from the IBM i server may be interested in the new “What If” features that Raz-Lee Security recently added to Firewall, its exit-point management solution for IBM i.
Firewall helps to guard network access points to IBM i servers, including TCP/IP, FTP, Telnet, DHCP, and other protocols. The software lets administrators set global and specific access rules for groups of IBM i servers and users, as well as controlling access to IBM i objects and providing the ability to set exceptions for specific users. It’s a powerful and established IBM i security tool, used for years, featuring both GUI and 5250 greenscreen interfaces.
Firewall also generates its share of logs to track what has taken place. These logs have the potential to be quite voluminous, just like the other log-generating interfaces on the IBM i server (the audit journal comes to mind). Raz-Lee develops owner tools to manage some of these other logs, such as its AP-Journal software. Now it’s providing more BI-like functionality for the log data generated by Firewall.
With Firewall version 18.08, Raz-Lee has expanded the “what if” capability in the software. According to the company, this feature delivers better insight into the configurations of the exit points themselves, including the capability to “re-calculate logged events.”
The company explains how the new feature works:
“Now you can check your previous activity logs against rules that you have modified and see how these changes would influence the results. Results that would change are highlighted. This requires no previous preparation and can be used for any set of past events.”
In other words, security administrators can tweak the exit point settings and see how those changes would have impacted their real-world traffic. That can help an administrator see in advance how an attempt to tighten security rules might cause unexpected impacts, and take further steps to refine how those changes should be implemented.
The new release, version 18.8, can also let admins simulate firewall Events. That means that the admin can determine “the behavior of the firewall for any possible event,” the company says. “Enter any set of event parameters and see how Firewall would react to them. With this capability, you no longer have to create real events to test your rules.”
This release also brings enhanced support for socket exit points, including the capability to accept, connect, and listen to sockets. Raz-Lee says socket exit points can help the administrator control activities like email, TCP, UDP, ports, and IP. They now appear as standard exit points, the company says.
Raz-Lee is also giving customers the capability to go “freestyle” with their socket exit point rules. The company says that, while the traditional “layered” rule system works for most situation, some situations may require administrators to proceed without any predefined hierarchy of checks.
Raz-Lee says that, with freestyle rules, every attribute of the event can be compared to a value. The company gives users various ways to check attributes of known events, using “and” and “or” logic, and also check it’s part of an externally defined group.
Lastly, this release opens Firewall up to work with SQL jobs in the database, in particular OZDASOINT jobs that are server data to ODBC and JDBC connections. The new release also lets users skip server subcommands, which the company says helps to reduce the number of places to look for potential problems.
Shmuel Zailer, CEO, Raz-Lee Security, says the new release of Firewall will help customers keep on top of the changing security landscape.
“Technological advances over the years have compelled IBM to open IBM i systems to networks,” he stated in a press release. “This variety of interfaces and protocols results in new threats. Raz-Lee Security is committed to providing security solutions for the IBM i that will protect it from the ever-changing threats it encounters. We are seriously enhancing our product to provide new dimensions of convenience and agility.”
For more information, see www.razlee.com.
