Shield Delivers Monitoring Solution for FTP on IBM i

June 19, 2024 Alex Woodie

Shield Advanced Solutions last month delivered FT4i, a new utility that helps to secure File Transfer Protocol (FTP) activity on IBM i. The new tool not only controls who is allowed to use FTP, but also logs all FTP activity to uncover possibly criminal activity after the fact.

FTP is one of the most heavily used Internet protocols in the world. Across every industry, organizations use FTP to send and receive what is likely petabytes worth of data every single day. If the Internet is a “super highway,” then FTP is the 20-lane workhorse of an Interstate freeway, facilitating information flow and commerce.

But FTP also happens to have security vulnerabilities. The problem isn’t in the protocol itself, although best practices mandate that companies use encrypted forms of FTP, either SFTP (which uses SSH) or FTPS (which uses TLS/SSL). The problem lies in how organizations use FTP.

According to Chris Hird, the president of Shield Advanced Solutions, many IBM i shops have no way to prevent users from accessing FTP. And once they’re using FTP, they have no way to tell what the users have done.

“We were working with a lot of high availability customers, and we saw that none of them had any security on FTP,” Hird told IT Jungle at the recent POWERUp 2024 conference in Fort Worth, Texas. “They didn’t realize it ran.”

FT4i logs all FTP activity on IBM i. (Image courtesy Shield Advanced Solutions)

The lack of FTP security at IBM i shops could allow internal users to not only steal confidential information from the IBM i database, but to leave essentially no tracks, Hird said.

“There’s nothing to stop any of those users from setting up something and stealing all your data,” he said. “If you have some salesperson who’s working for you, then all of a sudden he becomes a disgruntled employee and he’s going to move to another company, he can take the data with him, because you’ve got FTP running. You will never know.”

The lack of security and logging around FTP concerned Hird so much that he decided to do something about it. The longtime C programmer realized that IBM provided the core components he needed to build a solution. The exit points in the operating system itself can control access to FTP and monitor FTP activity. Hird just needed to build a solution around those exit points to provide access control and logging for FTP, and that’s what he did.

FT4i uses IBM exit points to restrict access to both the FTP server (incoming connections) and FTP client (command line outbound connections), to and from the IBM i. It works with plain vanilla FTP as well as FTPS and SFTP variants. It allows customers to shut down all FTP activity, to allow only certain users to work with FTP, to allow FTP only at certain times of the day, or work only with certain IP addresses.

Additionally, FT4i logs all FTP activity. It keeps a database record of which users accessed FTP, when they accessed it, and the IP address on both ends of the connection.

FT4i won’t be useful for IBM i shops that built their own exit point programs, or bought a third-party exit point solution. But for large fraction of IBM i shops that have done neither, FT4i can help close one of the biggest and most persistent security vulnerabilities on the IBM i platform, Hird said.

“Not many people have the exit point solutions. They’re too expensive,” he said. “We’re more interested in getting the customer what they need at a reasonable price. For us it’s not about ‘Let’s get lots of value from this so we can sell the company.’ I think that’s the big difference, we don’t have investors to service. We’re self-funded, a small company. And we’re dedicated to the community, so we’ll sell it at what makes sense.”

FT4i also integrates with other Shield products. If customers have Shield’s Nagios-based IBM i monitoring solution and its Grafana-based At A Glance (AAG) user interface, then they can be notified automatically when suspicious FTP activity is taking place.

FT4i features Web-based and 5250 interfaces, giving customers a choice in how they interact with it. A subscription to FT4i costs $55 per month. For more information on the product, see www.shieldadvanced.com/Blog/announcement-ft4i-security-for-ibm-i/ or read Hird’s blog on FT4i at this link.

RELATED STORIES

Shield Adds HMC, Security PTFs to Nagios Monitoring Solution

Shield Builds on Success with Nagios for IBM i

Shield Launches Message Monitoring Offering for IBM i

Shield Debuts Nagios Monitoring Solution for IBM i