AS/400 Security: All you want to know about Exit Programs (Jim Stracka, PentaSafe)
TRANSCRIPT
![Page 1: AS/400 Security All you want to know about: Jim Stracka PentaSafe Exit Programs](https://reader035.vdocuments.us/reader035/viewer/2022062320/56649d965503460f94a7fec7/html5/thumbnails/1.jpg)
AS/400 Security: All you want to know about Exit Programs
Jim Stracka
PentaSafe
Page 2 (slide 2)
Outline
• Exit Program Overview
  • Why do I need exit programs?
  • What is the purpose of exit programs?
  • If exit programs don't exit, why are they called exit programs?
• Sample exit program: limit file transfer and commands
• Design Alternatives
Page 3 (slide 3)
Security Has Changed
1980s: fixed-function displays only; menu security was OK.
Today: PC users, remote systems, the Internet, e-commerce.
Menu security worked when users had no other access.
Menu security is ineffective for today's environment.
Page 4 (slide 4)
Other Access to Data
Remote systems and the Internet reach data through:
• DDM (Distributed Data Management): file transfer, remote commands
• FTP: file transfer, remote commands
• Shared folders
• Telnet
• IFS (Integrated File System)
Exit programs can restrict these requests.
Page 5 (slide 5)
PC Access to Data
Workstation emulation presents a fixed-function display, governed by menu security and messages.
PC requests bypass the menu: printer support, shared folders and documents, remote commands, file transfer, the data queue API, the ODBC API, and the IFS (Integrated File System).
Exit programs can control PC requests.
Page 6 (slide 6)
Why Exit Programs
Can object security be used to protect data?
YES: AS/400 security can lock up data.
HOWEVER: the security design in use often makes that protection ineffective.
Page 7 (slide 7)
Why Exit Programs
What security designs make object security ineffective?
• Group profile owns objects: the production owner is a group profile, so every end user in the group has the owner's authority.
• Excessive public authority: production data with *PUBLIC *ALL.
• Excessive special authority: users with SPCAUT(*ALLOBJ).
Need to provide additional protection.
Page 8 (slide 8)
Why Exit Programs
Users are authorized to data because existing applications need that access.
A need exists to prevent users from using that access outside of the applications.
Need to provide additional protection.
EXIT PROGRAMS provide additional protection for application data.
Page 9 (slide 9)
What are Exit Programs
Exit programs are installation-provided programs used to supplement security.
Actions often performed in exit programs:
• Monitor user activity
• Modify user requests
• Assign a user profile to an anonymous sign-on
• Review a request to determine whether it meets installation rules
• Reject requests that do not meet installation rules
The purpose of exit programs is not to exit.
Page 10 (slide 10)
Request Processing
If these programs don't exit, why are they called "Exit Programs"?
They are called exit programs because the system (OS/400) exits to a user program in the middle of a request:
1. Another system generates a request.
2. The AS/400 server is called to process the request.
3. The server calls the "exit program" to validate the request.
4. The server rejects or processes the request.
Page 11 (slide 11)
Request Processing
The AS/400 server and the user exit program exchange parameters:
1. The server calls the user exit program with parameters.
2. The exit program analyzes the parameters.
3. The exit program sets a return code.
4. The server rejects or performs the request based on the exit program's return code.
Page 12 (slide 12)
Specifying Exit Programs
How are exit programs specified? There are two methods to name the exit programs:
• Network attributes (DDMACC, PCSACC)
  • Limited number of request types: Distributed Data Management, PC Support (Client Access)
  • One exit program per network attribute
• Registration facility
  • Multiple request types: distributed data, Client Access, Integrated File System, Internet (FTP, Telnet), security, ...
  • Multiple exits, each specific to a function
Page 13 (slide 13)
Specifying Exit Programs: Network Attributes
DDMACC
• *OBJAUT - request access determined by object authority
• *REJECT - prevent all requests
• Lib/Pgm - qualified name of the exit program
PCSACC
• *OBJAUT - request access determined by object authority
• *REJECT - prevent all requests
• *REGFAC - use the registration facility
• Lib/Pgm - qualified name of the exit program
CHGNETA DDMACC(lib/pgm) PCSACC(lib/pgm)
Must have *ALLOBJ special authority to change the network attributes.
Page 14 (slide 14)
Specifying Exit Programs: Registration Facility
WRKREGINF

```
                       Work with Registration Information
Type options, press Enter.
  5=Display exit point   8=Work with exit programs

                           Exit
Opt  Exit Point            Point Format  Registered  Text
_    QIBM_QHQ_DTAQ         DTAQ0100      *YES        Original Data Queue Server
_    QIBM_QJO_DLT_JRNRCV   DRCV0100      *YES        Delete Journal Receiver
8    QIBM_QLZP_LICENSE     LICM0100      *YES        Original License Mgmt Server
_    QIBM_QMF_MESSAGE      MESS0100      *YES        Original Message Server
_    QIBM_QNPS_ENTRY       ENTR0100      *YES        Network Print Server - entry
_    QIBM_QNPS_SPLF        SPLF0100      *YES        Network Print Server - spool
_    QIBM_QOE_OV_USR_ADM   UADM0100      *YES        OfficeVision/400 Administrati
_    QIBM_QOE_OV_USR_SND   DOCI0900      *YES        OfficeVision/400 Mail Send Ex
_    QIBM_QOK_NOTIFY       VRFY0100      *YES        System Directory Notify Exit
_    QIBM_QOK_SUPPLIER     SUPL0100      *YES        System Directory Supplier Exi
_    QIBM_QOK_VERIFY       VRFY0100      *YES        System Directory Verify Exit
                                                                        More...
Command
===>
F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel
```

Option 8 (Work with exit programs) is taken against the exit point QIBM_QLZP_LICENSE.
Page 15 (slide 15)
Specifying Exit Programs: Registration Facility

```
                       Work with Exit Programs
Exit point:   QIBM_QLZP_LICENSE     Format:   LICM0100
Type options, press Enter.
  1=Add   4=Remove   5=Display   10=Replace

     Exit
     Program   Exit
Opt  Number    Program      Library
1    1         PROG1        MYLIB
               (No exit programs found.)
                                                                         Bottom
Command
===>
F3=Exit   F4=Prompt   F5=Refresh   F9=Retrieve   F12=Cancel
```

Option 1 adds exit program number 1, PROG1 in library MYLIB. When a request arrives at this exit point, PROG1 will be called.
Page 16 (slide 16)
Exit Points
What exit points are used for a specific request? What are the parameters passed to an exit?
Exit points are documented in the following publications:
• Client Access (file transfer, ODBC): AS/400 Client Access Host Servers, SC41-5740
• Distributed Data Management (DDM, remote commands): AS/400 Distributed Data Management, SC41-5307
• Internet (Telnet, FTP): TCP/IP Configuration and Reference, SC41-5420
• Security: System API Reference, Security APIs, SC41-5872
No good documentation available.
Page 17 (slide 17)
Outline
• Exit Program Overview
  • Why do I need exit programs?
  • What is the purpose of exit programs?
  • If exit programs don't exit, why are they called exit programs?
• Sample exit program: limit file transfer and commands
• Design Alternatives
Page 18 (slide 18)
Exit Programs
CALL EXIT (RTNCDE STRUCTURE)
RTNCDE return code: '0' = NO (reject the request), '1' = OK (allow the request)
STRUCTURE layout:

```
Field                  Format   Size
User profile name      Char     10
Application name       Char     10
Function               Char     10
Object name            Char     10
Library name           Char     10
Object type            Char     7
Format name            Char     10
Variable data length   Zoned    5, 0
Variable data          Char     *
```

References: AS/400 Distributed Data Management, SC41-5307; Client Access Server Concepts, SC41-5740
Page 19 (slide 19)
Operation Code by Function

```
Application   Function             Operations
*LMSRV        license management   REQUEST, RELEASE
*VPRT         virtual print        EXTRACT, CHECK, OPEN
*TFRFCL       file transfer        SELECT, JOIN, REPLACE, EXTRACT
```

File transfer operations:
• EXTRACT: AS/400 -> PC, retrieve information
• SELECT: AS/400 -> PC, download a file
• JOIN: AS/400 -> PC, download a joined file
• REPLACE: PC -> AS/400, upload a file
Page 20 (slide 20)
Operation Code by Function

```
Application   Function                      Operations
*FLRSRV       shared folders type 2         CHANGE, CREATE, DELETE, EXTRACT, MOVE, OPEN, RENAME
*MSGFCL       messages                      SEND, RECEIVE
*DDM          distributed data management   ADDMBR, CHANGE, CHGMBR, CLEAR, COMMAND, COPY, CREATE,
                                            DELETE, EXTRACT, INITIALIZE, LOAD, LOCK, MOVE, OPEN,
                                            RENAME, RGZMBR, RMVMBR, RNMMBR, UNLOAD
```

The *DDM COMMAND operation is the submit remote command request.
Page 21 (slide 21)
Prevent Remote Commands
1. Create the CL program: CRTCLPGM STOPCMDS SRCFILE( )
2. Change the network attributes: CHGNETA DDMACC(STOPCMDS)

Source of STOPCMDS. Positions 21 to 30 of the structure hold the function name; only the COMMAND function is rejected, everything else is allowed:

```
PGM        PARM(&RTNCODE &DATA)
DCL        &DATA    *CHAR 30          /* Exit structure (first 30 bytes are enough here) */
DCL        &RTNCODE *CHAR 1           /* Return code: '1' allow, '0' reject */
DCL        &FUNC    *CHAR 10
CHGVAR     &FUNC (%SST(&DATA 21 10))  /* Function name from the structure */
IF         (&FUNC = 'COMMAND ') +
             THEN(CHGVAR &RTNCODE '0') /* Remote command: reject */
ELSE       CHGVAR &RTNCODE '1'        /* Anything else: allow */
ENDPGM
```
Page 22 (slide 23)
Exit Program Example: Prevent Remote Commands and File Upload (2 of 2)
The first page of this example (the PGM and DCL statements) is not in the transcript; the declarations below are reconstructed from the variables the logic uses so the program reads as one unit. Sending every request to the audit journal, as the SNDJRNE at the end does, is a good way to monitor use.

```
PGM        PARM(&RC &STRU)
DCL        &RC    *CHAR 1             /* Return code: '1' allow, '0' reject */
DCL        &STRU  *CHAR 72            /* Fixed part of the exit structure */
DCL        &USER  *CHAR 10
DCL        &APP1  *CHAR 10
DCL        &APP2  *CHAR 10
DCL        &TYPE  *CHAR 2             /* Journal entry type: 'X' + return code */
MONMSG     CPF0000 EXEC(GOTO EXIT)    /* If error, exit */
CHGVAR     &RC '1'                    /* Allow request */
CHGVAR     &USER %SST(&STRU 1 10)     /* Get user */
CHGVAR     &APP1 %SST(&STRU 11 10)    /* Get application */
CHGVAR     &APP2 %SST(&STRU 21 10)    /* Get function */
/* Do not log IBM request to check license */
IF         (&APP1 = '*LMSRV') GOTO EXIT
IF         (&USER = 'XXXXXXXXX') GOTO LOG
/* Prevent use of remote commands */
IF         (&APP1 = '*DDM' *AND &APP2 = 'COMMAND') +
             CHGVAR &RC '0'           /* Prevent the request */
/* Prevent file upload from PC users; file download to PC is not prevented */
ELSE       IF (&APP1 = '*TFRFCL' *AND &APP2 = 'REPLACE') +
             CHGVAR &RC '0'           /* Prevent the request */
/* Log request in the audit journal */
LOG:       CHGVAR &TYPE ('X' *CAT &RC)
           SNDJRNE JRN(QAUDJRN) TYPE(&TYPE) ENTDTA(&STRU)
EXIT:      ENDPGM
```
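The request processing on pages 10 and 11, the structure layout on page 18 and the rules of the example above, modelled in Python as an added example (this is not code from the presentation or from PentaSafe; a real exit is a CL or HLL program called by the server job). It parses the blank-padded structure the way the %SST calls do, applies the same three rules (allow and skip logging for *LMSRV, reject *DDM COMMAND, reject *TFRFCL REPLACE) and records an audit entry typed 'X' plus the return code. The function names, the ExitRequest type, the user, library and object names in the sample requests are all constructed; ASCII text stands in for the EBCDIC bytes a server would pass, and the bypass for the placeholder user 'XXXXXXXXX' is left out.

```python
"""Added model of a DDM / PC Support exit program: parse the structure the server
passes, apply the slide's rules, set the return code and record an audit entry."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed-width layout of the parameter structure from the slide (page 18):
# (field name, offset, length). The variable data follows the fixed part.
LAYOUT = (
    ("user", 0, 10),
    ("application", 10, 10),
    ("function", 20, 10),
    ("object_name", 30, 10),
    ("library", 40, 10),
    ("object_type", 50, 7),
    ("format", 57, 10),
)
VAR_LEN_OFFSET, VAR_LEN_SIZE = 67, 5       # zoned decimal 5,0: length of the variable data
FIXED_LEN = VAR_LEN_OFFSET + VAR_LEN_SIZE  # 72 bytes before the variable data

ALLOW, REJECT = "1", "0"                   # return code values from the slide: '1' OK, '0' NO
JournalEntry = Tuple[str, str, str, str]   # (entry type, user, application, function)


@dataclass(frozen=True)
class ExitRequest:
    user: str
    application: str
    function: str
    object_name: str
    library: str
    object_type: str
    format: str
    var_data: str


def build_structure(user: str, application: str, function: str, object_name: str = "",
                    library: str = "", object_type: str = "", fmt: str = "",
                    var_data: str = "") -> str:
    """Lay out a structure the way the server would pass it (used for the constructed
    samples; ASCII text stands in for the EBCDIC bytes a real server job supplies)."""
    values = (user, application, function, object_name, library, object_type, fmt)
    fixed = ""
    for (name, _, size), value in zip(LAYOUT, values):
        if len(value) > size:
            raise ValueError(f"{name} longer than {size} characters")
        fixed += value.ljust(size)         # fields are blank padded, never NUL terminated
    return fixed + f"{len(var_data):0{VAR_LEN_SIZE}d}" + var_data


def parse_structure(stru: str) -> ExitRequest:
    """Split the blank-padded structure into fields, as the %SST calls in the CL do."""
    if len(stru) < FIXED_LEN:
        raise ValueError(f"structure too short: {len(stru)} < {FIXED_LEN}")
    fields = {name: stru[off:off + size].rstrip() for name, off, size in LAYOUT}
    var_len = int(stru[VAR_LEN_OFFSET:FIXED_LEN].strip() or "0")
    var_data = stru[FIXED_LEN:FIXED_LEN + var_len]
    return ExitRequest(**fields, var_data=var_data)


def evaluate(req: ExitRequest) -> Tuple[str, Optional[str]]:
    """Apply the slide's rules. Returns (return code, audit entry type or None when not logged)."""
    if req.application == "*LMSRV":        # IBM's own license check: allow and do not log
        return ALLOW, None
    rc = ALLOW
    if req.application == "*DDM" and req.function == "COMMAND":
        rc = REJECT                        # submit remote command
    elif req.application == "*TFRFCL" and req.function == "REPLACE":
        rc = REJECT                        # PC -> AS/400 upload; downloads (SELECT, JOIN) stay allowed
    return rc, "X" + rc                    # entry type 'X0' (rejected) or 'X1' (allowed), as in the CL


def exit_program(stru: str, journal: List[JournalEntry]) -> str:
    """One call from the server: parse, decide, journal the request, return the code."""
    req = parse_structure(stru)
    rc, entry_type = evaluate(req)
    if entry_type is not None:
        journal.append((entry_type, req.user, req.application, req.function))
    return rc


# Constructed sample requests (user, library and object names are made up).
SAMPLE_REQUESTS = [
    build_structure("ELLEN", "*DDM", "COMMAND"),
    build_structure("ELLEN", "*TFRFCL", "REPLACE", "CUSTMAST", "PRODLIB", "*FILE"),
    build_structure("ELLEN", "*TFRFCL", "SELECT", "CUSTMAST", "PRODLIB", "*FILE"),
    build_structure("QUSER", "*LMSRV", "REQUEST"),
    build_structure("ELLEN", "*DDM", "OPEN", "CUSTMAST", "PRODLIB", "*FILE", var_data="MBR1"),
]


def run_samples() -> Tuple[List[str], List[JournalEntry]]:
    """Feed the samples through the exit; returns the return codes and the audit trail."""
    journal: List[JournalEntry] = []
    codes = [exit_program(stru, journal) for stru in SAMPLE_REQUESTS]
    return codes, journal


if __name__ == "__main__":
    codes, journal = run_samples()
    for stru, rc in zip(SAMPLE_REQUESTS, codes):
        req = parse_structure(stru)
        print(f"{req.user:<10} {req.application:<10} {req.function:<10} -> RC {rc}")
    print("audit entries:", journal)
```

Running the block rejects the remote command and the upload, allows the download and the DDM open, and leaves the license-management request out of the journal, which is exactly the trail the SNDJRNE in the CL produces. The point to take from the model is that the decision is made on two ten-byte fields of the structure, so any check must compare against the blank-padded values the server actually passes.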
Page 23 (slide 24)
Exit Program Usage
The exit point depends on the client operating system:

```
File transfer from   Interactive   API     ODBC
DOS                  EXIT1         EXIT1   N/A
Windows 3.1          EXIT1         EXIT1   EXIT2
Windows 95/98/NT     EXIT2         EXIT2   EXIT2
```

EXIT1 = Original File Transfer, exit point QIBM_QTF_TRANSFER
EXIT2 = Data Base Server, exit point QIBM_QZDA_NDB1
Page 24 (slide 25)
Exit Program Usage
EXIT1 handles the original file transfer; EXIT2 handles Windows 95 and NT file transfer.
Two programs are required because the parameters are different.
It is difficult to determine whether a request was an upload or a download.
Page 25 (slide 32)
Outline
• Exit Program Overview
  • Why do I need exit programs?
  • What is the purpose of exit programs?
  • If exit programs don't exit, why are they called exit programs?
• Sample exit program: limit file transfer and commands
• Design Alternatives
Page 26 (slide 33)
Exit Design Alternative: Constant
Compare to a constant: IF (&USER = 'ELLEN ')
Advantages
• Excellent performance
• Easy to determine program flow
Limitations
• Must recompile the program to make any change
• Security specification uses a different technique from the system's own authority mechanism
Page 27 (slide 34)
Exit Design Alternative: Read from File
The exit program reads the list of users from a file.
Advantages
• Good performance
• Add and remove users without recompiling the program
Limitations
• Program logic more complex
• Security specification uses a different technique from the system's own authority mechanism
Page 28 (slide 35)
Exit Design Alternative: Authorization List
The exit program issues CHKOBJ against an authorization list that holds the list of users.
Advantages
• Good performance
• Add and remove users without recompiling the program
• Security specification uses the same technique as the rest of the system
Limitations
• Program logic more complex
Page 29 (slide 36)
Check an Authorization List
The exit program issues CHKOBJ against the authorization list that holds the list of users:

```
IF         COND(……………….) THEN(DO)
  CHKOBJ   OBJ(QSYS/FILEREAD) OBJTYPE(*AUTL) AUT(*USE)
  MONMSG   MSGID(CPF9800) EXEC(CHGVAR &RC '0')   /* Not authorized: reject */
  GOTO     LOG
ENDDO
```

It is possible to check for different authorities: *USE for read actions, *CHANGE for update actions.
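The authorization-list design of the last two slides, modelled in Python as an added example (not code from the presentation or from PentaSafe). The AuthorizationList class stands in for the *AUTL object, its chkobj method returns True or False where the real CHKOBJ signals a CPF98xx message, and addautle and rmvautle mirror what the ADDAUTLE and RMVAUTLE commands do to the list. The grouping of operation codes into read actions (*USE) and update actions (*CHANGE) is a constructed illustration of the slide's one-line rule, not a mapping the presentation gives; the list name FILEREAD comes from the slide, the users ELLEN, BOB and GUEST are made up.

```python
"""Added model of the 'authorization list' design: the exit program decides by
checking the requesting user's authority to an *AUTL, as CHKOBJ does."""
from typing import Dict, Optional

# OS/400 authority levels the check understands, in increasing order.
# *CHANGE contains *USE, so a *CHANGE user also passes an AUT(*USE) check.
RANK = {"*EXCLUDE": 0, "*USE": 1, "*CHANGE": 2, "*ALL": 3}

# Which level a request needs. The slide only says "*USE for read actions,
# *CHANGE for update actions"; this grouping of operation codes from the
# slides is a constructed illustration, the real split is a site decision.
READ_OPERATIONS = {"SELECT", "JOIN", "EXTRACT", "OPEN"}
UPDATE_OPERATIONS = {"REPLACE", "ADDMBR", "RMVMBR", "CLEAR", "DELETE", "RENAME", "COPY", "LOAD"}

ALLOW, REJECT = "1", "0"                  # return code values from the slides


class AuthorizationList:
    """Stand-in for an *AUTL object: per-user entries plus the *PUBLIC entry."""

    def __init__(self, name: str, entries: Dict[str, str], public: str = "*EXCLUDE"):
        for user, aut in list(entries.items()) + [("*PUBLIC", public)]:
            if aut not in RANK:
                raise ValueError(f"unknown authority {aut} for {user}")
        self.name = name
        self.entries = dict(entries)
        self.public = public

    def addautle(self, user: str, aut: str) -> None:
        """Add or replace an entry (what ADDAUTLE/CHGAUTLE do); the exit is not recompiled."""
        if aut not in RANK:
            raise ValueError(f"unknown authority {aut}")
        self.entries[user] = aut

    def rmvautle(self, user: str) -> None:
        """Remove a user's entry; the user falls back to the *PUBLIC authority."""
        self.entries.pop(user, None)

    def chkobj(self, user: str, required: str) -> bool:
        """CHKOBJ OBJ(list) OBJTYPE(*AUTL) AUT(required) for this user.
        The real command signals CPF98xx when the check fails; here that is False."""
        granted = self.entries.get(user, self.public)
        return RANK[granted] >= RANK[required]


def required_authority(function: str) -> Optional[str]:
    """Map an operation code to the authority the exit demands; None means no rule."""
    if function in READ_OPERATIONS:
        return "*USE"
    if function in UPDATE_OPERATIONS:
        return "*CHANGE"
    return None


def evaluate(user: str, function: str, autl: AuthorizationList) -> str:
    """Return code for one request: '1' allow, '0' reject, as on the slides."""
    required = required_authority(function)
    if required is None:
        return ALLOW                      # no rule for this operation: left to object security
    return ALLOW if autl.chkobj(user, required) else REJECT


def run_samples() -> Dict[str, str]:
    """Constructed list FILEREAD: ELLEN may read, BOB may update, everyone else is excluded."""
    autl = AuthorizationList("FILEREAD", {"ELLEN": "*USE", "BOB": "*CHANGE"})
    results = {
        "ELLEN SELECT": evaluate("ELLEN", "SELECT", autl),
        "ELLEN REPLACE": evaluate("ELLEN", "REPLACE", autl),
        "BOB SELECT": evaluate("BOB", "SELECT", autl),
        "BOB REPLACE": evaluate("BOB", "REPLACE", autl),
        "GUEST SELECT": evaluate("GUEST", "SELECT", autl),
        "GUEST COMMAND": evaluate("GUEST", "COMMAND", autl),
    }
    autl.addautle("GUEST", "*USE")        # grant read access without touching the program
    results["GUEST SELECT after ADDAUTLE"] = evaluate("GUEST", "SELECT", autl)
    autl.rmvautle("ELLEN")                # revoke: ELLEN drops to *PUBLIC, which is *EXCLUDE
    results["ELLEN SELECT after RMVAUTLE"] = evaluate("ELLEN", "SELECT", autl)
    return results


if __name__ == "__main__":
    for request, rc in run_samples().items():
        print(f"{request:<30} -> RC {rc}")
```

Two things the run makes visible: a *CHANGE entry satisfies an AUT(*USE) check, so one list serves both the read and the update rule, and an operation the mapping does not name (COMMAND in the samples) passes straight through, so a remote-command rule like the one in the earlier example still has to be coded separately.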
Page 30 (slide 37)
File Transfer Transactions
Exit-point requests logged for user WOE during one file transfer through the database server exit (ZDA formats); the slide numbers the groups of lines 1 to 4 as listed below the trace:

```
*...+....1....+....2....+....3....+....4....+....5....
WOE  *SQL        ZDAI0100
WOE  *RTVOBJINF  ZDAR0100  X'1800'  *USRLIBL
WOE  *SQLSRV     ZDAQ0200  X'180C'
WOE  *RTVOBJINF  ZDAR0100  X'1805'  WOE
WOE  *NDB        ZDAD0100  X'1802'  SOURCE
WOE  *NDB        ZDAD0100  X'1805'  SOURCE
WOE  *RTVOBJINF  ZDAR0100  X'1804'  WOE
WOE  *SQLSRV     ZDAQ0200  X'1803'
WOE  *SQLSRV     ZDAQ0200  X'1800'
WOE  *SQLSRV     ZDAQ0200  X'1805'
WOE  *NDB        ZDAD0100  X'1806'  SOURCE
```

1. Request transfer: shows the user library list
2. Select library WOE: shows the files in the library
3. Select file SOURCE: shows the member list
4. Specify add member SECOFR during the data transfer: performs the copy
Page 32 (slide 39)
SUMMARY
Menu security is not adequate to limit a user.
You must protect data from access via the other Client Access servers:
• FILE TRANSFER
• REMOTE COMMANDS
• FOLDER ACCESS
Use exit programs to supplement object security.
Page 33 (slide 40)
Summary
Specifying exit programs using network attributes is not recommended:
• Increased overhead
• Network attributes cover a limited set of exits
Use the Registration Facility to specify exit programs.
Page 34 (slide 41)
Information Sources
Exit point documentation:
• Client Access (file transfer, ODBC): AS/400 Client Access Host Servers, SC41-5740
• Distributed Data Management (DDM, remote commands): AS/400 Distributed Data Management, SC41-5307
• Internet (Telnet, FTP): TCP/IP Configuration and Reference, SC41-5420
• Security: System API Reference, Security APIs, SC41-5872
Page 35 (slide 42)
Information Sources: Manuals
• SC41-5300 Tips and Tools for Securing Your AS/400
• SC41-5301 AS/400 Security Basic
• SC41-5302 AS/400 Security Reference
Internet:
• S325-6321 IBM SecureWay: AS/400 and the Internet
• G325-6321 AS/400 and the Internet
• SG24-4929 AS/400 Internet Security: Protecting Your AS/400 from HARM on the Internet
Page 36 (slide 43)
More??
Jim Stracka
www.pentasafe.com
713-860-9412 (direct)