Welcome to Powertech Exit Point Manager for IBM i

WARNING: Prior to version 7.22, Powertech Exit Point Manager was named Powertech Network Security.

NOTE: If you have just updated from version 7.07 or earlier, see Appendix M: Interface Changes in Exit Point Manager 7.08 for a list of green screen interface changes.

Powertech Exit Point Manager for IBM i™ (also referred to as Exit Point Manager) is a comprehensive software solution designed to help you understand and control network access to your Power Systems™ running IBM i data and services. Today, your network can include IBM i servers, PCs, mainframes, and multiple UNIX and Linux systems. In this networked environment, tools like FTP, Client Access Express Data Transfer, Remote SQL, DDM, and others allow easy access to your IBM i data and services. These alternative access methods bypass the traditional menu-based security used by many IBM i installations. In today's networked environment, even attaching one PC to your IBM i introduces a new set of security challenges that you need to consider and deal with effectively.

The IBM i security architecture is very robust, and has received the Department of Defense C2 security rating for "Trusted Systems"-when it is properly configured. The security exposures introduced by network data access tools like FTP and ODBC do not indicate a failure on the part of IBM i security. Instead, the data access level you provide to a user using IBM i security for green screen access through menus and screens is not the same level of access you want to allow using network tools like ODBC.

For example, the IBM i authority that allows a user to view the contents of a Payroll file is the same authority needed to download the file to a PC and post it on the Internet. IBM recognized the potential issues and introduced additional security features to manage the problem. Powertech Exit Point Manager leverages these additional features to provide a separately controlled level of network data access and service access.

The following table provides an overview of the IBM i authorities and the capabilities of users to access and manipulate data and other objects using three different access methods.


Authority	IBM i Green Screen User	PC User without Exit Point Manager	PC User with Exit Point Manager
*USE	Restricted by menu security	View, download file	Controlled by Exit Point Manager
*CHANGE		Add, change, delete records
*OBJMGT		Clear or replace file
*ALL		View, add, change, or delete file

For example, consider payroll supervisor Bob:

Bob has *ALL authority to the payroll master file so he can make changes to pay rates and add new employees through green screen menus.
However, Bob is also familiar with programs like Microsoft Excel and Microsoft Access. Using these PC-based programs, Bob's *ALL authority allows him to add, change, and delete records from the payroll master. In fact, he could delete all the records from the file, or even delete the file altogether. Even a simple typing error on Bob's part could wipe out the entire payroll file.
By configuring Powertech Exit Point Manager to control Bob's network access authorities, you can easily prevent any of these scenarios.

View as PDF

7.26 | 202103100924 | March, 2021