In the early days of computing, network security risk was confined to internal networks and called for only limited security measures. As technology advanced and open networks became widely available, that risk grew with them.
To bridge this security gap, IBM introduced remote exit points, which are hooks that allow you to monitor network traffic. Through customized exit point programs, you can see who is accessing files and programs on your IBM i through server transactions such as FTP, TELNET, and ODBC. Although exit points cover many traditional network transactions, a security gap remains.
If you are currently monitoring your network transactions through exit points, you may have noticed that certain network data is still not tracked. For example, you will not see System i/Operations Navigator data, Secure File Transfer Protocol (SFTP) traffic, or Secure Shell (SSH) traffic. Using these newer protocols for network transactions is recommended, because it avoids the weakness of protocols such as FTP and TELNET, which transmit data in clear text. But while the move to newer, more secure protocols removes one security risk, it opens the door to another: this traffic is no longer visible to your network monitoring.
How can I monitor this traffic?
You are not seeing this traffic because protocols like SFTP and SSH use socket communication, which bypasses the traditional remote exit points. The way to close this exposure is to monitor your socket communications. The following three exit points have been available since IBM i 7.1 and make monitoring socket communications easier than in previous operating system versions.
| User Exit Point | Description |
|---|---|
| QIBM_QSO_ACCEPT | Enables a custom exit program to allow or deny incoming connections based on the restrictions set by the program. |
| QIBM_QSO_CONNECT | Enables a custom exit program to allow or deny outgoing connections based on the restrictions set by the program. |
| QIBM_QSO_LISTEN | Enables a custom exit program to allow or deny a socket the ability to listen for connections based on the restrictions set by the program. |
At minimum, these exit points can be used to monitor your network traffic across socket communications. It is recommended that you write exit programs, or obtain a third-party socket security solution, to manage your socket transaction data.
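To make the accept-side decision concrete, here is an added example (not IBM's code and not the real exit-program interface) of the allow/deny-plus-audit logic an exit program registered on QIBM_QSO_ACCEPT would implement. The `socket_event_t` layout, the `evaluate_accept` name, the 1 = allow / 0 = reject return convention and the policy table are all assumptions made for this illustration; the actual parameter format for the exit point must be taken from IBM's documentation. The sample connection attempts are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified view of what a socket-accept exit program sees.
   Field names and layout are assumptions for this example, NOT IBM's
   ACPT0100 format; consult IBM documentation for the real layout. */
typedef struct {
    const char *exit_point;   /* e.g. "QIBM_QSO_ACCEPT" */
    const char *local_ip;     /* dotted IPv4 (constructed sample data) */
    int         local_port;
    const char *remote_ip;
    int         remote_port;
} socket_event_t;

/* One policy rule: a listening port plus the source prefix allowed to reach
   it. A NULL allowed_prefix means "any source". The prefix keeps its trailing
   dot so that "10.1.5." does not accidentally match "10.1.50.3". */
typedef struct {
    int         local_port;
    const char *allowed_prefix; /* e.g. "10.1.5." */
} accept_rule_t;

/* Constructed policy: SSH/SFTP (22) only from the admin subnet,
   HTTPS (443) from anywhere, everything not listed is denied. */
static const accept_rule_t POLICY[] = {
    { 22,  "10.1.5." },
    { 443, NULL },
};
#define POLICY_LEN (sizeof POLICY / sizeof POLICY[0])

/* Audit every decision, allowed or denied: the point of socket exits is
   first of all to *see* the traffic that remote exit points miss. */
static void audit(const socket_event_t *ev, int allow)
{
    printf("%s %s:%d <- %s:%d %s\n", ev->exit_point, ev->local_ip,
           ev->local_port, ev->remote_ip, ev->remote_port,
           allow ? "ALLOW" : "DENY");
}

/* Returns 1 to allow the connection, 0 to reject it (convention assumed
   here). Unlisted ports are denied by default. */
int evaluate_accept(const socket_event_t *ev)
{
    int allow = 0;
    for (size_t i = 0; i < POLICY_LEN; i++) {
        if (POLICY[i].local_port != ev->local_port)
            continue;
        if (POLICY[i].allowed_prefix == NULL ||
            strncmp(ev->remote_ip, POLICY[i].allowed_prefix,
                    strlen(POLICY[i].allowed_prefix)) == 0)
            allow = 1;
        break;  /* first matching port rule decides */
    }
    audit(ev, allow);
    return allow;
}

int main(void)
{
    /* Constructed sample events, one per incoming connection attempt. */
    socket_event_t events[] = {
        { "QIBM_QSO_ACCEPT", "10.1.5.20", 22,  "10.1.5.7",    51000 },
        { "QIBM_QSO_ACCEPT", "10.1.5.20", 22,  "203.0.113.9", 51001 },
        { "QIBM_QSO_ACCEPT", "10.1.5.20", 443, "203.0.113.9", 51002 },
        { "QIBM_QSO_ACCEPT", "10.1.5.20", 23,  "10.1.5.7",    51003 },
    };
    for (size_t i = 0; i < sizeof events / sizeof events[0]; i++)
        evaluate_accept(&events[i]);
    return 0;
}
```

The same shape applies to QIBM_QSO_CONNECT (evaluate the outgoing destination instead of the incoming source) and QIBM_QSO_LISTEN (evaluate which local ports a job may open). The audit call happens on every path, so even a policy that allows everything still yields the transaction record that the page says is otherwise missing for SFTP and SSH.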