CONTROLER
AccueilGroovy ?SolutionsNewsPartenairesContact
 

CONTROLER : your System i Protector.

CONTROLER offers a complete solution to protecting Corporate Data that includes controlling external access to the System i, OS/400 commands as well as SQL statements.

CONTROLER is the Active Component of the Cilasoft Security Suite.            

  • It protects System i data which are accessible either via the network (FTP, ODBC, DRDA...) or via an OS/400 command.                
  • Using the OS/400 exit points technique, CONTROLER fits into the scheme of auditability of controls and actions made.                
  • It enables better monitoring of confidential data thanks to the SQL and QRY engine audit module.

Using the OS/400 exit points technique, CONTROLER fits into the scheme of auditability of controls and actions made.

CONTROLER meets many objectives:

  • Easy to Install.                
  • Offers the Ability to Create Rules to Precisely Control Access to Critical Data
  • Traceability and auditability of actions and controls made.
  • Virtually No Impact to System i Performance.

CONTROLER includes a simulating tool which tests the controls and conditions implemented without disturbing the running of the machine.

FEATURES

TCP-IP access control        

The TELNET access and FTP instructions are managed as well as the remote commands        

  • Authorize the downloading of files available on your iSeries server, but only authorize certain user groups to transfer data from their PC or another server to the iSeries.       
  • Refuse connections from a PC of your network when it is identified by its IP address.

        

Client Access control        

Access to the iSeries’ ODBC server as well as all remote commands are filtered

Client Access allows authorized users to read and write data in your iSeries database.

  • By using CONTROLER, you can authorize users to carry out queries using the SELECT instructions but you can deny an INSERT on certain files.

 

Command control

This function allows you to control the use of commands in detail and limit their use precisely if necessary.

For example :

  • Authorize IT staff to use the commands only if they are in a test library.
  • With a company code parameter, CONTROLER can authorize only users from a list of members and deny access to others.
  • Create an entry in a journal by storing the transferred parameters when you are using a specific command.

        

Audit of SQL & QRY engine

The module, which is included in the CONTROLER interface, allows you to check on the confidentiality of sensitive data.

For the jobs, users, etc you have decided to audit, it logs and alerts:

  • the SQL statement (SELECT, UPDATE, DELETE, INSERT, DROP, etc),
  • the entry points (STRSQL, RUNSQLSTM, ODBC, RUNQRY, WRKQRY, etc),
  • and the files displayed through QRY.

Example: you want to be alerted when a non-authorized user displays salary information, credit limits, etc through SQL.

        

Filter options

The filters can be used:

  • for files: you can filter by name, library, attribute, owner, audit value or member concerned.
  • for commands: by name or library.
  • for the work: by time, date, day or by IP address.
  • for users: by profile, class, group, audit value, user restricted possibilities, user programs or by user initial menus.
  • for data queues: by name or by library.

The selections can be made during the control or stored and then used for many controls.

The conditions can be applied to a particular value or to condition lists shared with QJRN/400.

      

Actions

For each control, you can define whether the command must be authorized or denied when the conditions are met.

You can specify which action to be carried out:

  • Create a trace in the journal, (linked to QJRN/400) or a file
  • Send a message (OS/400 or email) to a list of predefined recipients
  • Run a program (the source of an example program is included and explained)

        

History log

The events you have chosen to monitor in the log are shown in a chronological order, per control point, per user, etc. Numerous filters allow you to adapt the display depending on the particular events you are searching for.You can then print your selection.

For each event, you can display the detail of the operation, including all parameters.

Any denied access processed in the log, will complete the list of conditions, which have caused the denial (CONTROLER will add a new profile to the list of developers, an IP address of a new PC to the list of IP addresses of the agency).

 

Utilization examples...        

  • Deny a group, class or specific user access to one or several commands.
  • Prevent files from being overwritten by using CA/400 or FTP.
  • Carry out different controls according to time or days.
  • Differentiate actions to be implemented depending on whether the operation concerns a production or test library.
  • Limit access to certain commands (IBM or applications) according to the value of parameters and the profile used.
  • Create a detailed trace of all the operations in a journal which can be used by QJRN/400.

 

MORE RESOURCES

Download the solution brief

Read: Cilasoft Announces Version 5.0 of System i Security Suite

Contact us for:

  • Full detailled PowerPoint presentation
  • Free trial

 

CONTROLER is a Cilasoft product.