Network Security
Release notes are also available for Network Security for Insite.
September 2017
Version: 7.15
Enhancements
- Access control for Sockets-related exit points has been added.
- Socket Rules and Conditions can be configured to accept or reject socket transactions for the QSOLISTEN, QSOCONNECT, and QSOACCEPT servers.
- Multiple Socket Rule Conditions are evaluated according to a preferred sequence.
- Socket Rules can be tested to ensure correct behavior on the system before they are activated.
- Reports have been enhanced to support reporting of socket activity.
- For more information, see Socket Rules (green screen) and Socket Rules (Insite web UI).
Accompanying Central Administration Updates
- Auditing strategies have been added to support auditing of Socket Rules.
Version: 7.14
- Better handling of damaged objects. Objects that are known to occasionally become damaged (User Index; Data Queue) are now handled better. Where possible, the product has been changed so that it self-corrects in these situations.
- Error RNX0100 when running Event Reports has been resolved.
- Exit point programs no longer change the job’s library list to include the Central Administration and Network Security libraries without removing them. (This was particularly an issue with FTP, since FTP can be done in an interactive job leaving the library list changed until sign off.)
- Secure Screen:
- A problem causing Secure Screen Monitor to fail with MCH3401 has been resolved.
- Inability to Edit/Copy/Display in the Secure Screen Filter has been resolved. (Previously, a screen defect was causing options 2 (Edit), 3 (Copy), and 5 (Display) to always bring up the last item in the list instead of the selected one.)
- Error "Object (sbsd) in library *LIBL not found" has been resolved. (Previously, when adding a secure screen filter, if you prompted for an *SBSD entry and selected one not in your job’s library list (PTWRKMGT for example), the entry would not be added with the following error displayed: "Object PTWRKMGT in library *LIBL not found".)
Accompanying Central Administration Updates
- Better handling of damaged objects. Objects that are known to occasionally become damaged (User Index; Data Queue) are better-handled. Where possible, the product has been changed so that it self-corrects in these situations.
- Previously, the Central Administration product library (PTPLLIB) was permanently placed in a job’s library list when a profile was created, changed, or deleted. A job’s library list is now returned to its original state after Central Administration processes a user profile function that was processed by the product’s exit point programs.
- A problem causing inactivity of the monitor job (without visible errors) has been resolved. The PPLCMNSVR monitor job had a built-in feature that was acknowledging the QSTGLOWLMT system value. That feature was added to better handle an Operating System defect that existed in some base Operating System releases. The PTF that addresses this defect is now included in all base Operating System releases, negating the need for this built-in feature, which has been removed.
- Event processing and integrity improvements.
- Entering the History Browser no longer results in Message ID CPF2419 and/or CTL0001 in the job log. The CPF2419 message typically appeared when an end point system running Network Security existed in a different library than that of the Management System (i.e. manager using PTNSLIB and end point using PTNSLIB07).
- A problem causing the PPLCMNMON monitor job to remain inactive (with log ID T410012) has been resolved. The PPLCMNMON monitor job was unable to start due to the /tmp directory being so large that the Unix stat function failed with error “Object is too large to process.” The stat function has been replaced with stat64, which is specifically designed to handle larger objects.
June 2017
Version: 7.13
- A change has been made within the event monitor processing pertaining to captured transactions in order to improve this job’s overall performance.
- The installation process has improved support for systems with a large number of locks at the time of install.
May 2017
Version: 7.12
- PIV0013 error "Object is in use" for LNSUSA02 and LUSER01 during installation has been resolved.
- When creating a new Object List Rule, if a User or Location Rule already exists, a message is now sent and the Object List Rule is set to Inactive.
April 2017
Version: 7.11
- Performance enhancement: Network Security now attempts job interrupts in a more efficient manner.
Version: 7.10
- A merge issue impacting installation was resolved.
Version: 7.09
- A merge issue impacting installation was resolved.
March 2017
Version: 7.08
- Easily define and manage groups of network users. A collection of user profiles can now be quickly and easily managed from directly within Network Security.
- A new type of User Rule has been added. Network Security's new User Groups are containers for groups of user profiles that can be used in place of user profile names when defining a User Rule.
- Ranked sequence. User Groups are assigned a sequence number that determines the order they are used in the exit programs. For example, if there are three User Rules with NS User Groups for a specific Server/Function, and all three have USER1 as a member, the rule with the lowest sequence number will be used. (Of course, a User Rule assigned specifically to USER1 for the Server/Function would have priority.)
- Green screen and web browser support. User Groups can be easily defined and applied to User Rules in the green screen or Insite Web UI.
- Simplified Green Screen Interface. The green screen interface has been simplified. Previously, management of User Rules was handled on one of three different panels, depending on how the User Rule was invoked. These panels have been consolidated into a single "Work with Security by User" panel. Similarly, all Location Rules are now managed with the "Work with Security by Location" panel. For details, see Appendix M: Interface Changes in Network Security 7.08 in the Network Security Administrator's Guide.
- Bug Fixes and Usability Improvements.
- FTP/REXEC sign-on no longer causes the exit program to fail with an MCH3601 (pointer not set) error.
- A program that is called to check whether SUMCAPTRAN can be started has been fixed.
- When a transaction is rejected due to a prefilter rule, the reject message is now correctly sent to QSYSOPR.
- Transactions with leading spaces can now be memorized.
October 2016
Version: 7.07
- Problems capturing transactions for the *DDM server have been fixed.
- Disabling Silent Activation no longer fails for ten-character program names.
- Reports can now be run for user profiles that start with @, #, or $ characters.
- Failed audits (whose status remains stuck as "Processing") have been resolved.
- *RMTSRV RMTCMD text for Captured Transactions has been fixed.
- A stuck semaphore has been detected and fixed (copy to QGPL).
September 2016
Version: 7.06
- Stuck semaphores causing the Dashboard counters to stop counting have been fixed.
August 2016
Version: 7.05
- Network Security is now delivered with new deployment functionality, including the ability to stage the product installation.
- The job queue library on the PTNSGMSTR job description now appropriately lists PTNSLIB07 when PTNSLIB07 is the product library.
- Long Distributed Program Calls no longer cause error RNX0100, which caused exit program PTNSLIB/LNSR108P to end abnormally.
- Network Security 7 now always installs into library PTNSLIB07.
- Inability to change the 'Rules Enforced' flag (as of Network Security 7.04) has been resolved.
June 2016
Version: 7.04
- HelpSystems Insite Web Browser Interface support has been added. See HelpSystems Insite and Network Security for Insite for details.
- Fixes.
- Failure to run reports when the 'SystemID' contains a single quote has been resolved.
- An RNX1211 error when attempting to run a Showcase Exit Point has been resolved.
- Network Security no longer causes an Authority Failure (AF) audit journal entry during Silent Activation.
March 2016
Version: 7.03
- The MCH3601 (Pointer not set for location referenced) error no longer occurs when attempting to prompt for an IFS.
- The Reports/Display IFS file function no longer requires the user’s home directory to be root (/).
- Remote commands run via Visual Basic using the 'IBM i Access for Windows ActiveX Object Library' are now being converted to EBCDIC correctly.
- A command parameter error no longer appears when trying to run reports.
January 2016
Version: 7.02
- Audit Reports no longer fail on transactions greater than 9,999 characters.
- *FTPCLIENT no longer creates blank journal entries.
- Errors MCH3401, CPF5009, and CPF5034 while upgrading from Network Security 6.xx to 7.xx have been resolved.
- The History Browser now supports subsetting by subject name.
November 2015
Version: 7.01
- Auditing for IP Address Groups is now available.
- High I/O counts have been reduced for all LNSR108xx programs.
- For Object Rule checking, the possibility of looping when parsing an SQL statement has been eliminated.
- Pre-Filters now display for low authority users.
- Network Security exit programs now always honor Object Rules.
- All servers now display Location Rules.
- The screen no longer fills with the same *ALL Location Rule when using LA against a server with more than one location rule.
- Network Security Reports now include Transaction Data.
- Central Administration: During uninstallation, the Profile Change Trap is now unregistered from the profile exit points.
October 2015
Version: 7.0
- Network Security 7 includes the integration of PowerTech Central Administration, which allows you to manage systems across your network from a central server, benefit from Central Administration’s security features, and copy Rules and other configuration settings across systems. The following updates are included with Network Security 7:
- System Accessibility. Easily switch to any managed system in order to manage Network Security’s configuration, or use other Network Security features, on that system. Switching systems is a feature of both the green screen and Web UI.
- Convenient Dashboards. Dashboard transaction counts and statistics can now be quickly accessed for any managed system.
- Central Administration’s Security Tools. All managed systems benefit from Central Administration features, including:
- Auditing: To verify the integrity of Network Security throughout your network, and ensure adherence to your organization’s security policy, users can run audits to identify and manage Rules (and other Network Security settings) that have been changed on Endpoints directly. Any discrepancy can be resolved easily with a Remedy, accepting the configuration of either the Endpoint or Management System.
- History Browser: The History Browser displays a list of all events that have occurred on any system that is managed through Central Administration. Any action performed through Central Administration or one of the PowerTech products that work with Central Administration is recorded in the history, including Rule changes, security changes, system inclusions, network configuration changes, and so on.
- Role-based Security: Central Administration Product Security allows you to perform product security functions, such as working with Roles. A Role is a collection of access rights that define a PowerTech user’s authority over the managed systems.
- Copy Rules to Managed Systems (Web UI). Once you have configured Rules on the Management System, you can copy them to other Endpoints in order to quickly propagate your security policy across your network.
May 2015
Version: 6.54
- Issues related to PTWRKMGTOW/PTWRKMGT have been fixed.
- SQL errors in MRGPRVNS have been fixed.
- The authority check for exit point activation is now using the Current User on the job (instead of the Job User).
- Remote IP address retrieval for FTP exit points has been cleaned up. (Formerly, retrieving the remote IP address could return blanks that were transcribed as 12 zeros.)
- The possibility of looping when parsing an SQL statement for object rule checking has been eliminated.
- Problems related to non-displayable characters in Work with Captured Transactions have been addressed.
February 2015
Version: 6.53
- *ALLOBJ authority is no longer required to run the PTNSSTRWEB command (used to start the Network Security Web Server). See Starting the Web Server.
- Only one audit journal entry is now created for 'Possible Intrusion' events.
- Invalid IP addresses added to IP Address Groupings can now be deleted.
- The previous day's cache file for the *CLI server is now cleared automatically each day.
- MCH3601 and LNS0703 errors in exit programs have been resolved, allowing the appropriate journal entries to be written.
- Only the jar files are deleted from powertech/installs after a product update.
October 2014
Version: 6.52
- A web UI accessibility issue regarding PTWEB password expiration has been resolved.
- An MCH1210 error no longer causes program PTNSLIB/LNSR108P to end.
Version: 6.51
- Rules can now be filtered by Type: User or Location.
- A convenient slide-out menu in the Captured Transactions screen allows you to quickly memorize Captured Transactions.
- Delete buttons have been added to detail forms.
- An environment variable can now be used to suppress the PTNSGMSTR job.
- Performance enhancements have been made to Network Security Activation.
- Performance enhancements have been made for the *DATAQSRV exit program.
July 2014
Version: 6.5
- Network Security includes a new web interface designed to allow an efficient, interactive method of managing network traffic. See Web Browser Help in the Network Security Administrator’s Guide for details.
- Network Security’s new Dashboard, available from the web interface, allows you to monitor transactions controlled by Network Security. See Dashboard for details.
June 2014
Version: 6.21
- For Print Rules by Location, specifying *ALL for the location now includes all location rules for all locations in the report (rather than only rules defined as location=*ALL).
- The rule checking order has been fixed for Object Lists.
- Caching of flags for *MEM rules has been fixed.
- *RMTSRV and RMTCMD have been converted from Unicode so that transactions from IFS commands are recognized.
- Rule checking has been fixed for cases when a user profile does not exist.
April 2014
Version: 6.20
- MCH1210 no longer causes PTNS010701 to end abnormally on the QZDASOINIT job.
February 2014
Version: 6.19
- Support for Showcase is now available.
- The “File LNSSVF01 not found” error during the product update procedure has been resolved.
December 2013
Version: 6.18
- ShowCase exit point support has been added.
November 2013
Version: 6.17
- MCH1202 error in PTNS010701 has been fixed.
- Authority Failure journal entries on *FILESRV exit program when not an *ALLOBJ user have been fixed.
- Database reads for Location/User/Object rule checking have been reduced.
September 2013
Version: 6.16
- The SUMCAPTRAN process now handles PARTIAL journal receivers.
- The last collected date, which was incorrect for some captured transactions, has now been corrected.
- The number of database reads for pre-filters has been reduced, improving performance.
- *LOCATION rules address groups are now working.
- Compliance Monitor Consolidator updates for 3.11
- Check for ibmxmlcrypto.jar in the pre-checker has been removed.
- A 'wait' panel now appears during export.
- An e-mail's ‘from’ address can now be changed.
- Authority Broker reports can now be run in Compliance Monitor (through external reports).
- Temp files from AB-rpts-via-CM code (for the endpoint startup process) are now cleaned up.
- A plus sign (‘+’) before '%' or '_' can now be used to indicate ‘%’ and ‘_’ should not be treated as special characters when parsing a filter to convert to regex. (‘+’ is equivalent to an SQL escape character.) The two-character string ‘++’ can be used to specify the single character ‘+’.
- When a CM batch report definition is deleted, it is now removed from the internal scheduler.
- NSIS has been enhanced to populate the .exe Details panel with Product info.
- Integers are no longer incorrectly exported as strings when exporting to Excel format.
- Compliance Monitor now completely cancels collections initiated by batch reporting.
- 'used' has been added to memory information logging in the cm3.log file for troubleshooting purposes.
- For Batch Reporting, the 'Start at' is no longer off if the consolidator and PC timezone settings do not agree on daylight savings time offset.
- Placement of batch report run slot enforcement has been improved. The number of concurrent batch reporting jobs can now be changed without bouncing the consolidator. (This is for single or multi-threading batch report jobs.)
- 'ELF enabled' information now appears on exported PDF reports.
- A problem has been corrected within scorecards for filters with field-to-field comparisons that have to perform a cast.
- Enhancements to allow for work within Vagrant Virtual Machine were added.
- Batch delivery of multi-format reports has been fixed, with improved journal data cleanup and CSV output.
- Compliance Monitor now attempts to handle (and to send messages) when a CMCOLL row is going to be written with REQUESTOR column set to blanks.
- The Batch Report owner now propagates when changed.
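The '+' escape rule from the filter-parsing item in the list above, sketched as an added example (not Compliance Monitor's own code). It assumes SQL LIKE semantics for unescaped '%' and '_' and rejects a dangling '+'; the function names and sample values are constructed for illustration.

```python
import re

ESCAPE = "+"  # escape character named in the release note


def filter_to_regex(pattern: str) -> str:
    """Convert a filter string to a regex source string.

    From the release note: '+%' and '+_' mean a literal '%' or '_',
    and '++' means a literal '+'.
    Assumptions (not stated on the page): an unescaped '%' matches any
    run of characters and '_' exactly one character, as in SQL LIKE;
    a '+' before any other character, or at the end of the filter,
    is rejected as malformed instead of being guessed at.
    """
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == ESCAPE:
            nxt = pattern[i + 1] if i + 1 < len(pattern) else ""
            if nxt not in ("%", "_", ESCAPE):
                raise ValueError(f"dangling escape at offset {i} in {pattern!r}")
            out.append(re.escape(nxt))  # escaped character is taken literally
            i += 2
            continue
        if ch == "%":
            out.append(".*")
        elif ch == "_":
            out.append(".")
        else:
            # Everything else is data: neutralise regex metacharacters so a
            # filter such as 'A.B' cannot widen into a pattern.
            out.append(re.escape(ch))
        i += 1
    return "".join(out)


def filter_matches(pattern: str, value: str) -> bool:
    """True when the whole value matches the filter."""
    return re.fullmatch(filter_to_regex(pattern), value, re.DOTALL) is not None


if __name__ == "__main__":
    # Constructed sample values: without the escape, '_' silently matches
    # any character and the filter selects more than intended.
    for flt in ("QSYS_%", "QSYS+_%"):
        for name in ("QSYS_OPR", "QSYSXOPR"):
            print(f"{flt!r:12} {name!r:12} {filter_matches(flt, name)}")
```
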
May 2013
Version: 6.15
- New menu option for pre-filters to combine user and location rules
- Corrected error directly following flushing the cache
March 2013
Version: 6.14
- Performance improvements with the SQL Exit Point
- Fixed an issue with supplemental group profiles and a looping exit program
January 2013
Version: 6.13
- Fix RNX0100 in LNSR108TFT when using IPv6
- Handle parsing of *FROM in an SQL Statement
- Handle parsing of 3-part names in SQL through PRPDESDCRB when using Object Lists
- Fix generics on Subset by User under Work with Security by User
- Allow Subset by User to handle more than 9,999 user profiles