In version 7.3, launched last April, IBM i is experiencing two major security evolutions:
- optimizing the traceability of network connections
- tracking user rights allocation mechanisms.
They are reflected in two new functions, respectively called "Audit of Socket Connections" and "Authority Collection", whose mission is to improve traceability, a strategic challenge in the face of regulatory pressures, and to grant "necessary" rights to users. Lets focus on these two key features of IBM i 7.3 security by Dominique GAYTE from NoToS, a specialist in security auditing in the IBM i environment.
Traceability of all network connections
The function "Audit of Socket connections" allows to trace and to audit all the connections realized in AS / 400 environment. The administrator can monitor, at any time, from this function, who has logged in, what station, at what time and for what purpose. Beyond monitoring and monitoring of the system, this function is essential to analyze a problem encountered in order to find the origin and to solve it definitively. The traceability of all connection actions leads to a better knowledge of the use of the system, guaranteeing greater security.
Fine-tune management of user rights
The "Authority Collection" function ensures that the administrator truly understands the mechanisms for assigning rights that are actually implemented in the execution of an application. It makes it possible to easily visualize the privileges granted to the user according to the criteria of his profile, the objects, the programs consulted ... The administrator thus easily sees the mechanics of assigning rights in order to evaluate and modify these according to the "right level" of safety.
Beyond rationalization, this function should facilitate the implementation of the user's realization rights (consultation, entry, update) according to his profile, position and business, for optimal protection of data and Sensitive applications.