Re: Other as400 Security

[Chuck Morehead <cbmorehead@xxxxxxxxxx>]

Robin,

Let me first say that I am employed by Nokuse Consulting, which owns Native
Bear Software.  Therefore the following is IMBO - in my biased opinion. :-)

NBS has a product, Security Tracker/400 (www.st400.com), that has a little
different focus than other AS/400 security products that I am aware of.  It
is designed to track, monitor, and report on unusual/suspicious activities
and potential security holes on your system.  It generally satisfies
internal IS audit requirements.  E.g. The latest version of ST/400 was
designed to meet the audit requirements of the Uniform Rating System for
Information Technology, which has been adopted by the regulatory
organizations for banks and S&L's, and the Federal Reserve Banks.  It was
also designed to meet the new requirements that HIPAA will place on
healthcare providers.

If you are looking for a product to implement exit points for you, then
ST/400 is not what you want.  If you are looking for something to monitor
your system and advise you of things such as when a programmer has set a
program to adopt QSECOFR's authority, or to show you unauthorized network
connection attempts that might indicate someone trying to hack your system,
then you should take a look at ST/400.  Or if you are in an industry where
there is a great need for privacy of the information - especially if you are
regulated by the government - you probably should take a look at it.
Depending on your needs you may need ST/400 and another product.  ST/400 is
not a total solution to security, but fills a specific need.

Chuck