Adinsec is the Benelux partner of Net’Q GmbH (www.net-q.com) and offers the APPN-EE-Firewall product for z/OS and OS/390 to large organisations in the Benelux.
APPN-EE-Firewall combines the former Classical Security Exit and the Security Guard Client Server of Net’Q GmbH’s SNA/APPN Security Firewall, with extra functionality added. The product is designed to protect mainframe networks against hacking on legacy networks and Enterprise Extender. It runs on the mainframe and detects anyone trying to set up an APPN or SNA session in which this mainframe is involved.
Whereas SNA used to be a closed and secure environment, APPN has opened up this environment and a lot of new security issues were introduced. SNA Session Management Exits in large organisations are typically not APPN-proof.
APPN-EE-Firewall from Net’Q GmbH fills in this gap and offers facilities for easy security configuration in large and complex SNA networks, through an online interface.
The ‘Classical Security’ part of the APPN-EE-Firewall is applicable as well in the classic SNA area, as in an APPN context. It makes it possible to monitor every connection between 2 logical units (LUs) and if required, to prevent it. APPN-EE-Firewall checks on NetID, CPname and LUname, wildcards can be used in the security rules for easy set up and further distinctions can be made based upon originating or destination LU (OLU/DLU), primary or secondary LU (PLU/SLU), if desired. Security rules can either allow a session or reject it. The APPN-EE-Firewall writes information about all session attempts to a report file, into SMF records or as console messages.
Example of the configuration panel for this part of the APPN-EE-Firewall:
The APPN-EE-Firewall also comes with conversion routines to automatically convert from former non-APPN-proof tools like CNA (Verimation) or NC-pass (CKS). Automated conversion from other or in-house developed solutions can be investigated on demand.
The ‘Client/Server Security’ part of the APPN-EE-Firewall applies the same principles to client server connections in an APPC/APPN environment.
The APPN-EE-Firewall captures the whole BIND-image during session set up and inspects whether the security settings in this BIND are appropriate and in accordance with the rules that have been set up.
Security should be your highest priority!
Do you want more information on APPN-EE-Firewall? Send us an e-mail.