QJRN/400 - A Comprehensive Auditing Platform for the System i
QJRN/400 makes use of the audit trail provided by database and system journaling. It includes a query manager that enables precise selections, customizable reports and processing methods (in real time or scheduled mode).

STANDARD FEATURES

APPLICATION AUDIT

Control of the integrity of audit parameters
Any monitoring scheme must guarantee that no modification is made to the administration rules, because such changes may affect how traces are generated (e.g.: stopping and restarting file journaling, or deleting a receiver without having analyzed it).

Operations carried out outside the information system
You can detect precisely all operations carried out by programs not recognized as a standard part of the application. These could include DFU, SQL, Client Access uploads, or "makeshift" programs known to be risky. You are then given the means to take appropriate action.

Operations carried out outside business hours
If you wish to fight fraud, measuring activity outside business hours is an excellent indicator.

Control of the user fields and date of last modification
You can detect transactions that do not correctly update these fields, or unusual "makeshift" transactions.

Control of pricing conditions
It is very easy, and carries little or no risk, to change the pricing conditions of a "friend" customer, create their invoice, then restore the initial conditions. Standard controls of average prices are not enough to detect this kind of fraud.

Control of sensitive data
Certain information is extremely sensitive, and it is sometimes difficult to find the origin of a modification. E.g.: details of bank accounts, elements related to salary, credit limits, credit cards, accounts (text, invoice, due date).

Monitoring of sensitive profiles (remote maintenance, service providers)
Certain profiles need extended access at application and system levels, so they have to be closely monitored. Having access to confidential information can be quite tempting. It can also be useful to know what took place during a remote maintenance connection.

Traceability on what was opened
If the application authorizations cannot deny access to certain information, you can keep track of all accesses and audit them later.

Operations on dormant bank accounts
Audit operations carried out on an account that has remained unchanged for X years.

Operations on badly managed bank accounts
Audit operations carried out on company accounts that are known to be loosely managed.

Search for malfunctions
Understanding the context of anomalies is a very important and always time-consuming phase of application maintenance.

Disputes, audit trail for educational use
You can establish the origin of a particular situation without ambiguity when a dispute arises between editor, service provider or operator. You can also resolve the matter when the disputed situation involves several applications sharing and updating common information. You can check procedures and parameter table updates. The result is very instructive because it explains the consequences of an error caused by someone who forgot something or took the wrong initiative, or by a bug.

Factual complements
You can alert a certain group of users or run a specific action when a field X increases by more than x% (discount rate), a record has not been modified for over x months, or a record has been created under certain conditions (stock entry, employee creation).

Traceability complementary to the application
You can keep track of all movements related to a file number throughout its life, and request a quick, easy and complete log.

File downloads
You can monitor the use of Client Access and FTP transfer functions.

Background data surfacing
QJRN/400 can be installed in background mode on secondary machines; traces are filtered by the automatic queries and the results are stored in files. These are then included in the monthly backup procedure to be sent to headquarters. Each file is analyzed by a series of queries highlighting anomalies and potentially fraudulent behavior.

SYSTEM AUDIT

Control of the integrity of audit parameters
Any monitoring scheme must guarantee that no modification is made to the administration rules, because such changes may affect how traces are generated (e.g.: the modification of system values, audit attributes at user and object levels, deletion of a receiver without having analyzed it).

Explanations about the production
You can keep track of harmful operations (running several batch jobs on the same program, priority changes in OUTQ).

Adopted authority
You can filter on the running of programs that grant too many authorizations, excluding programs already known.

Access control to production data
Auditing can reveal profiles that are not part of the production group (e.g.: development) accessing production data.

Security monitoring
Interventions on profiles, system values, network attributes, authority on sensitive objects, attempts to open unauthorized sessions or to access unauthorized resources.

Control of transfers to production
Check that the creation of new objects in production respects a pre-defined procedure.

Monitoring of sensitive profiles at command level
Log of commands run by certain profiles, with various filters available.

Delete and display spool files
These actions may be audited according to the spool file and/or the sensitivity of the owner user.

ARCHITECTURE

A suite for the journaling administration
All the journals can be declared and monitored by QJRN/400. Existing ones are easily recovered. QJRN/400 also handles the creation and running of journaling environments. QJRN/400 can run perfectly well with other high availability software. Each environment has a repository that describes the fields in the fully journaled database. This repository is automatically generated and offers numerous customization possibilities. It covers all databases and is preloaded for system journals.

A configurable query manager
Thanks to an original and unique design of the query system, the content of receivers is presented in a clear, pleasant and precise way. There are various selection possibilities. Finally, the different output modes (OS/400 messages, email, display, prints, files) combined with all types of execution (continuous, automatic or scheduled mode) contribute to the implementation of detailed and automated audit schemes.

MORE RESOURCES
Read: Cilasoft Announces Version 5.0 of System i Security Suite
Contact us for:
QJRN/400 is a Cilasoft product.