Affordable, encrypted 3172 and 3174 controller replacement. Replace up to 32 controllers. Features include: encryption, compression, user authentication, secure remote access. Manage any system in the enterprise from any local or remote location with complete security. Combine with SecureTN3270 Software for a complete solution to your mainframe management needs. Features include: Support for SNA and non, SNA master console and all subsystem consoles including CICS, TSO, and Omegamon, Converts 3174 non SNA, DFT ESCON data streams into LAN-based TN3270E data streams, ESCON channel attached, Local SNA and non-SNA, Secure Remote Access of 3270 sessions, 4U rack mountable chassis, Central user administration, User defined access, Encryption, CompressionSecureAgent Home


Security Requirements for Open Systems
Access—the root of the problem

In support of business objectives, today’s IT environment is an increasingly heterogeneous mix of hosts, servers, and operating systems, which can cause problems for IT systems administrators.

For mainframes, administrators need access at the system level, while for Unix® and Linux® systems, they need root access. A person with root access has total control of the system—both unintended mistakes and deliberate maliciousness can cause catastrophic interruptions in system availability and business continuity (or even sur­vival), therefore, such access is not to be granted lightly.

The concerns inherent in granting root access on Unix and Linux systems are magnified as the computers are distributed geographically (for example, a production data center in one location and the associated disaster recovery site in another) or as the number of systems increases.

Granting root access to a particular user transfers control of that system from the central security administrator to a wider and, therefore, more vulnerable user environment, putting the entire enterprise at risk.

Increasingly valuable data and a corresponding growth in data intrusions have forced network security professionals to reevaluate the practice. An overall shift toward securing access to corporate data and systems sharpens the focus on this critical issue.

As a result, the standard practice of providing root access based solely on operational requirements is coming under increasing scrutiny. Its vulnerabilities have recently been questioned by internal security auditors and by external regulatory agencies.

Out of many discussions with COOs, CIOs and Security Officers, the following require­ments for open system servers emerged:

  • Secure access to root level with a user ID and password known only to the au­thorized individual; that is, no blanket access with a global password

  • Audit logs for root-level access and activity

  • Role-based access controls (RBAC), so a user only can access a server based on his or her job function

  • Central administration of all access controls and for all locations, including backup, disaster recovery, and archive sites—so administrative tasks only have to be done once

  • Issue alerts if attacks are detected or a defined number of unaccepted accesses are counted

  • Encryption of the entire data transfer to ensure security

 

Problem solved—IDG 9074® Secure Root Access Control

Now such requirements (and many other functions) are integrated in the IDG 9074® Secure Root Access Control.

The figure below shows a typical installation.