Building Firewall Rules with the Rule Wizards
Firewall's unique Rule Wizards feature makes security rule definition a snap, even for non-technical system administrators. Using the Wizards, you can easily build customized rules for your system based on the activity that happens on it. You can examine, create, and modify rules in real time and easily check the results.
The Wizards use a simple two-step process. First, you have Firewall examine its logs of activity requests, looking specifically at criteria (corresponding to the iSecurity Layered Security Design) such as:
- the Server or Exit Point (such as FTP, Telnet, SSHD, and DBOPEN) on which the activity was requested
- the IP addresses or SNA system names to or from which the request was sent
- the User or Group requesting the activity
- the Native or IFS object on which the activity would operate
```
                    Summarize Native AS/400 Log (CPRNTVSEC)

 Type choices, press Enter.

 Object . . . . . . . . . . . . .   *ALL        Name, generic*, *ALL
   Library  . . . . . . . . . . .   *ALL        Name, generic*, *ALL
   Object Type  . . . . . . . . .   *ALL        *ALL, *FILE, *LIB, *DTAQ...
 User . . . . . . . . . . . . . .   *ALL        Name, *ALL
 Group by . . . . . . . . . . . .   *DFT        *DFT, *USER, *GRPPRF...
 Allowed  . . . . . . . . . . . .   *ALL        *YES, *NO, *ALL
 Starting date and time:
   Starting date  . . . . . . . .   *CURRENT    Date, *CURRENT, *YESTERDAY...
   Starting time  . . . . . . . .   000000      Time
 Ending date and time:
   Ending date  . . . . . . . . .   *CURRENT    Date, *CURRENT, *YESTERDAY...
   Ending time  . . . . . . . . .   235959      Time
 Number of records to process . .   *NOMAX      Number, *NOMAX
 Server ID  . . . . . . . . . . .   *ALL        *ALL, *FILTFR, *RMTSRV...

                                                                        Bottom
 F3=Exit   F4=Prompt   F5=Refresh   F12=Cancel   F13=How to use this display
 F24=More keys
```
You can focus your search further by specifying the date and time that the activity began and ended as well as whether the activity was accepted or rejected. You can group the result by different criteria.
From the main screen for each Wizard, you can see a visual presentation of the rules that are in effect and of their results. You can see further information about the rules, delete and change them, and automatically adjust them so that they correspond to the activity that actually happened during that time.
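The following Python model illustrates the two-step flow described above: it applies the same kind of filters the Summarize prompt offers (date/time window, Allowed *YES/*NO/*ALL, Server ID, Group by), then derives candidate rules the way the Plan screen's "Allow by use" option and the Servers wizard's *REJECT recommendation do. This is an added example, not iSecurity's own code; the log entries, the `KNOWN_SERVERS` list and all function names are constructed for illustration.

```python
"""Model of the two-step Rule Wizard flow: summarize logged exit-point
activity with Summarize-prompt-style filters, then derive candidate rules
(allow-by-use per object, *REJECT for unused servers).
Added example; not iSecurity code. All names and data are constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime

# Verb columns of the Plan Security for Native Objects screen.
VERBS = ("Rd", "Wrt", "Crt", "Dlt", "Rnm", "Otr")
# Hypothetical server list used by the Servers wizard check.
KNOWN_SERVERS = ("DBOPEN", "FILTFR", "FTP", "RMTSRV", "SSHD", "TELNET")


@dataclass(frozen=True)
class LogEntry:
    ts: datetime
    server: str    # server / exit point the request arrived on
    ip: str        # incoming IP address
    user: str
    group: str     # group profile
    library: str   # native object library ("" for non-object requests)
    obj: str       # native object name ("" for non-object requests)
    verb: str      # one of VERBS
    allowed: bool  # True = accepted by Firewall, False = rejected


def _t(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


# Constructed sample log (not real data).
SAMPLE_LOG = [
    LogEntry(_t("2024-03-01 08:15:00"), "DBOPEN", "10.1.1.20", "QWEBADMIN",
             "QNEWNAVSRV", "QNEWNAVSRV", "MNTLOG", "Rd", True),
    LogEntry(_t("2024-03-01 08:16:10"), "DBOPEN", "10.1.1.20", "QWEBADMIN",
             "QNEWNAVSRV", "QNEWNAVSRV", "MNTLOG", "Rd", True),
    LogEntry(_t("2024-03-01 09:02:00"), "FTP", "10.1.1.21", "JSMITH",
             "SALES", "PRODLIB", "ORDERS", "Wrt", True),
    LogEntry(_t("2024-03-01 09:05:00"), "FTP", "10.1.1.21", "JSMITH",
             "SALES", "PRODLIB", "ORDERS", "Rd", True),
    LogEntry(_t("2024-03-01 23:40:00"), "FTP", "203.0.113.7", "JSMITH",
             "SALES", "PRODLIB", "ORDERS", "Dlt", False),
    LogEntry(_t("2024-03-02 10:00:00"), "TELNET", "10.1.1.22", "OPER1",
             "OPS", "", "", "Otr", True),
]

# Grouping keys, named after the prompt's Group by values (*USER, *GRPPRF).
GROUP_KEYS = {
    "*USER": lambda e: e.user,
    "*GRPPRF": lambda e: e.group,
    "*SERVER": lambda e: e.server,
    "*IP": lambda e: e.ip,
}


def summarize(log, start, end, allowed="*ALL", server="*ALL", group_by="*USER"):
    """Step 1: apply the prompt's filters (date/time window, Allowed
    *YES/*NO/*ALL, Server ID) and count matching requests per group key."""
    key = GROUP_KEYS[group_by]
    counts = Counter()
    for e in log:
        if not (start <= e.ts <= end):
            continue
        if allowed == "*YES" and not e.allowed:
            continue
        if allowed == "*NO" and e.allowed:
            continue
        if server != "*ALL" and e.server != server:
            continue
        counts[key(e)] += 1
    return dict(counts)


def allow_by_use(log, start, end):
    """Step 2, option 2=Allow by use: for each (user, library/object) pair
    with accepted activity in the window, propose Y for the verbs actually
    used and N for the rest. Rejected requests never widen the proposal."""
    used = defaultdict(set)
    for e in log:
        if start <= e.ts <= end and e.allowed and e.obj:
            used[(e.user, f"{e.library}/{e.obj}")].add(e.verb)
    return {pair: {v: ("Y" if v in verbs else "N") for v in VERBS}
            for pair, verbs in used.items()}


def unused_servers(log, start, end, servers=KNOWN_SERVERS):
    """Servers wizard: list servers with no requests in the window; the
    recommended setting for these is *REJECT."""
    seen = {e.server for e in log if start <= e.ts <= end}
    return sorted(s for s in servers if s not in seen)


if __name__ == "__main__":
    start, end = _t("2024-03-01 00:00:00"), _t("2024-03-02 23:59:59")
    print(summarize(SAMPLE_LOG, start, end, group_by="*SERVER"))
    print(summarize(SAMPLE_LOG, start, end, allowed="*NO"))
    for (user, obj), flags in allow_by_use(SAMPLE_LOG, start, end).items():
        print(user, obj, " ".join(f"{v}={f}" for v, f in flags.items()))
    print("set to *REJECT:", unused_servers(SAMPLE_LOG, start, end))
```

The point to notice is that `allow_by_use` builds its proposal only from accepted requests, so the rejected FTP delete from the outside address does not turn into a Dlt=Y entry; a summary run with `allowed="*NO"` is how you review those rejections separately before deciding whether a rule should change.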
```
                      Plan Security for Native Objects
 Subset:                      Type choices, press Enter.
   Type . . .                 1=Display statistics  2=Allow by use  4=Delete
   Library  .                 5=DSPFWLOG  6=Create Rule  7=WRKOBJ  8=EDTOBJAUT
   Object . .                 9=Add similar  G=Groups  U=Users  E=CHGUSRPRF
   User . . .                 O=WRKOBJ
   Higher level only (Y-Yes)

 C>R=Current to Revised       Specify revised authority in the R column.
   Y/S Alw/Skip               Y=Allow, S=Skip
   N   Rejected               N=Reject      Non-existing objects marked with red.
   Y/S Alw/Skip (fr higher level)
   N   Rejected (fr higher level)

      Rd  Wrt Crt Dlt Rnm Otr                              User        Group/
 Opt  C>R C>R C>R C>R C>R C>R  Type  Object      Library     *User      Entries
      Y   N   N   N   N   N    FILE  MNTLOG      QNEWNAVSRV  QWEBADMIN        2
      Y   N   N   N   N   N    FILE  QINAVMNTRG  QNEWNAVSRV  QWEBADMIN       30
      Y   Y   Y   Y   Y   S    FILE  QAS9AUDLOG  QSRVAGT     QSRVAGT          6
                                                                        Bottom
 F3=Exit   F6=Add New   F8=Print   F12=Cancel   F17=Allow by use globally
```
To run the Rule Wizards, type 45 on the command line from the main Firewall screen (STRFW > 45). (You can also reach specific Wizards from other points within the system.)
The main Rule Wizards screen appears:
```
 GSWZRMNU                       Rule Wizards                        Firewall
                                                               System: S520
 Wizards               Helps you to

 1. Servers           Check usage of servers. Recommended setting for
                      unused servers is *REJECT. This is a query only.
 2. Incoming IP       For each IP range (for example company branch),
   21. Re-use           specify permitted operations.
 3. Outgoing IP       Restrict target where data is sent to by IP ranges
   31. Re-use           defined.
 4. Users             Specify the services which a User, Group Profile or
   41. Re-use           Internal Group is permitted to use.
 5. Native Objects    Specify who can use specific objects (FILES, COMMANDS,
   51. Re-use           etc.) and how (Read, Write, Update, ...).
 6. IFS Objects       Specify who can use IFS Objects (folder/file*), and
   61. Re-use           how (Read, Write, Update, ...)
 99. Advanced Options

 Wizards summarize recent activity, compare it to current security setting,
 and enable creating/modifying rules. Enter new setting in R=Revised column.

 Selection or command
 ===>
 F3=Exit   F4=Prompt   F9=Retrieve   F12=Cancel   F13=Information Assistant
 F16=AS/400 main menu
```
You can run the Rule Wizards from this screen, as well as from other points within Firewall:
- Servers or Exit Points
- To see the current security state of the Servers or Exit Points, type 1 and press Enter. The Transaction Summary by Type for User screen appears, as shown in Displaying Firewall Activity by Server.
- Incoming IP ranges or SNA System names
- To collect information and create rules based on the Incoming IP ranges or SNA System names from which requests came, type 2 and press Enter. The Summarize Incoming IP Address (CPRIIPSEC) screen appears, as shown in Creating a Data Set of Incoming Activity by IP Address with the Rule Wizard.
- To create rules based on data about Incoming IP ranges or SNA System names that you have already collected, type 21 and press Enter. The Plan Incoming IP Security screen appears, as shown in Analyzing Recent Data on Incoming Activity by IP Address with the Rule Wizard.
- Outgoing IP ranges
- To collect information and create rules based on the Outgoing IP ranges to which requests were sent, type 3 and press Enter. The Summarize Outgoing IP Address (CPROIPSEC) screen appears, as shown in Creating a Data Set of Outgoing Activity by IP Address with the Rule Wizard.
- To create rules based on data about Outgoing IP ranges that you have already collected, type 31 and press Enter. The Plan Outgoing IP Security screen appears, as shown in Analyzing Recent Data on Outgoing Activity by IP Address with the Rule Wizard.
- Users and Groups
- To collect information and create rules based on the Users and Groups requesting the activity, type 4 and press Enter. The Summarize User AS/400 Log (CPRUSRSEC) screen appears, as shown in Creating a Data Set for Users and Groups with the Rule Wizard.
- To create rules based on data about Users and Groups that you have already collected, type 41 and press Enter. The Plan User Security screen appears, as shown in Analyzing Recent Data on Users and Groups with the Rule Wizard.
- Native Objects
- To collect information and create rules based on the Native Objects on which the activity would operate, type 5 and press Enter. The Summarize Native AS/400 Log (CPRNTVSEC) screen appears, as shown in Creating a Data Set on Native Objects with the Rule Wizard.
- To create rules based on data about Native Objects that you have already collected, type 51 and press Enter. The Plan Security for Native Objects screen appears, as shown in Analyzing Recent Data on Native Objects with the Rule Wizard.
- IFS Objects
- To collect information and create rules based on the IFS Objects on which the activity would operate, type 6 and press Enter. The Summarize IFS Objects Log (CPRIFSSEC) screen appears, as shown in Creating a Data Set on IFS Objects with the Rule Wizard.
- To create rules based on data about IFS Objects that you have already collected, type 61 and press Enter. The Plan IFS Security screen appears, as shown in Analyzing Recent Data on IFS Objects with the Rule Wizard.