Overview
Firewall
A solution which secures every type of access to and from System i, within & outside the organization
Market Need
Hacking Open TCP/IP environment has increased System i risks
Many remote activities are now easy:
Initiating commands
Installing programs
Changing data
Moving files
Firewall Features
Airtight protection from both internal and external threats
Covers more exit points than any other product
Protection from User Level to Object Level
Protects both incoming and outgoing IP addresses
Unique layered architecture - easy to use and maintain
Excellent performance - especially in large environments
User-friendly Wizards streamline rule definitions
Historical data statistics enable effective rule definition
Best-Fit feature formulates rule to suit each security event
Tests existing Firewall rules
Enables defining rules based on the simulation
Firewall Scenario
Monday, Midnight
5 Minutes Later
Got it! I'm inside IronTrust Bank systems. I really need a new sports car... Let's extract a few hundred thousand...
Tuesday, Midnight
OK, now let's try SMART Insurance. This should take about 5 minutes!
Our Firewall just blocked a break-in attempt. I'll have the identity, time and IP address in a minute.
5 Hours Later
Hey, what are all those security layers? And all these protected exit points... I can't get through. There goes my new car!
Firewall Info
Firewall Gateways
iSecurity Firewall gateways: IP Address, User, Verb, File, Library, Commands
Other products' gateways: IP Address
i5 server
Firewall
FTP Network PC Internet Telnet ODBC
IP/SNA Firewall
User/Verb
User-to-Service/Verb/IP/Device/Application
Object
Remote Logon
Internet (WSG): User to IP address
Telnet: Terminal based on IP-SSL, Automatic Signon, Naming
Passthrough: User to System name (SNA), Replace user
Firewall GUI
GUI Example
User Management
Current FW definitions
From Log: Create Detection rule
Populates the Filter with Data from Request
Visualizer
Tool for presenting at-a-glance graphic views of log data from Firewall
Immediate response to queries for any database size
Analyzes network access activity (Firewall) and system journal events (Audit) to pinpoint breaches and trends
Firewall
Audit
Visualizer
And continue investigating, filtering by Directory and down to the SQL Verb level!
Thank You!
Please visit us at www.razlee.com