SFM

Precise, Low-Overhead Security for FTP Servers and Clients on z/OS

The original FTP model does not include basic security safeguards. Its shortcomings include clear-text transmission of security information, little granularity in access rules, and no audit trail.

The Computer Emergency Response Team (CERT) has documented hundreds of security issues with the use of FTP, many of which represent catastrophic exposures.

SFM addresses FTP’s security shortcomings by integrating fully with mainframe SAF security (RACF, ACF2, or TopSecret) and by making it easy to change standard FTP traffic into encrypted FTP traffic.

SFM users can secure individual FTP commands. SFM can, for example, allow read access to a data set while preventing its off-site transfer, or allow transfer of sequential files but not JES files.

SFM lets you treat commands to the z/OS FTP server as secure resources. You can selectively disallow any FTP server command, including individual functions of the powerful SITE command. You can allow FTP users to transfer the files they need, while preventing them from using FTP to snoop around.

SFM, teamed up with an SSH Tectia SOCKS proxy, can encrypt traffic to and from a z/OS FTP client and transmit it through an SSH tunnel. SFM and SSH Tectia can also translate FTP traffic into SFTP (secure shell file transfer) traffic.

As far as users are concerned, such tunnelling and translation are automatic and transparent. There is no need to modify the JCL in batch jobs that invoke a z/OS FTP client.

Monitoring & Auditing, Complete FTP Traffic Records

Customers, regulators, and business partners hold you accountable for slow performance, delayed data, and lost or stolen files. A growing body of government regulations (Sarbanes-Oxley, Gramm-Leach-Bliley Act, HIPAA) mandates processes for adhering to standards and providing audit trails.

SFM provides immediate, real-time alerts when FTP jobs fail, and a comprehensive end-to-end audit trail. SFM’s detailed tracking and logging of all FTP and SSH Tectia file transfers and file transfer sessions tells you who transferred what, when, where, and how. Was the transfer authorized? Was it successful? SFM answers these questions and more.

SFM comes with standard inquiries, such as reporting on the top 10 FTP users, jobs, file sizes, and transfer times, and listing problem sessions, failed transfers, suspect transfers, and failed attempts to log onto a server.

FTP auditors can review every aspect of transfer history, easily getting details for a given system, FTP session, file transfer, or user ID.

While most treat FTP transfers as isolated events, SFM logs entire sessions, so you can see each transfer in context: What led up to a failed transfer? What other transfers were attempted in the same FTP session? You will see your FTP activity in a whole new way.

Automation: Control z/OS FTP Clients On-Line; Script FTP commands in z/OS Batch Jobs

Typically, upgrading standard FTP on z/OS to a more secure configuration requires revising the batch jobs that rely on the FTP client. That means editing, testing, and dealing with production red tape.

Typically, an outage in FTP operations must be discovered, and then manually handled—often by restarting the entire operation. The costs add up: There’s the time lost while discovering the unusable file, the time to re-start FTP, the time to duplicate the transmission.

But now SFM provides a revolution in FTP automation.

SFM can dynamically control configuration of the z/OS FTP client. It can recognize batch jobs by name, job step, and user ID, then reconfigure the FTP client to use a specific route: clear text, SSL/TLS encryption, an SSH tunnel, or SFTP.

SFM’s controls for such work are simple, intuitive web-browser displays. You can change FTP client configuration and direct alerts to e-mail addresses dynamically and easily. There is no need whatsoever to revise JCL and test new batch jobs.

With SFM’s FTP Control Language (FCL) you can conditionally execute FTP commands. Execution of one FTP command can depend on the success of the previous command, or on the server reply, or on the client condition code.

Batch jobs with FCL can conditionally retry a failed transfer, wait before passing to the next FTP command, act on some failures but ignore others, log messages to the system console, and notify the right people by e-mail when automated recovery is not possible.

FCL is simple to implement. It is fully compatible with existing FTP command syntax. Best of all, FCL is implemented at a global level with no risk to existing FTP jobs. You can count on FCL to deliver enhanced FTP with greater predictability, security and performance.

In addition, SFM can log every FTP transfer to the system console, or more likely, every failed transfer, providing a means for further control and automation system-wide.

Summary

FTP use has exploded in the past several years. Unfortunately, FTP might be the biggest threat to your z/OS data infrastructure.

The inherent shortcomings in FTP have costs, seen and unseen, in the areas of security, automation, and visibility.

SDS’s new SFM software overcomes serious FTP obstacles by instantly providing:

  • Appropriate security all across your organization, for both clients and servers.
  • Comprehensive workload monitoring and management to ensure that you can meet your business needs.
  • Easy-to-use and fully robust controls over the configuration and behavior of z/OS FTP clients.
  • Thorough audit trails to assure compliance.