First, there are lots of good reasons why you want to allow FTP access to your system. It is an easy way to upload and download data to and from your system from remote locations. You can also use it for program maintenance from one System i to another by moving save files between systems. Many System i software vendors, including my company, distribute software updates using some form of an FTP connection to your system. So, don't be afraid of it, but use it wisely.
User profiles and FTP on iSeries
One thing to keep in mind when thinking about FTP is that all the rules of OS security apply to someone connecting to your system. In order to gain access, they must have a valid user profile and password. Once they sign on, your current OS security plan will be in place. So, having a good security implementation tied in to your established user profiles will go a long way toward keeping your data safe.
One additional fact to add into your mix is that in order for data to be accessible to FTP, it must have a minimum security setting of *USE. If you have a user profile that is regularly using FTP and there are concerns about access, make sure that they do not have a minimum setting of *USE for any objects you do not want them working with.
A problem can easily come up, however, when a user profile is used in different contexts. By this, I mean when a user has access to certain sensitive objects for their daily work flow that are accessed by program control. But, that user is also an FTP user and logs in to do file transfers using FTP. Having different contexts could create a security exposure. When this user signs on using FTP, he will still have access to the sensitive data files for which he is authorized from his daily work flow. If this situation exists, you need to address a way to deal with it.
One method, as discussed last time around, might be addressed by implementing controls through the FTP server exit point. You might also think to issue a second user profile to the user for FTP use. This solution is not great since the user can still, by choice, establish an FTP connection under his primary user profile and gain access to sensitive data that way. Far and away, the best solution is through additional exit point controls. This could be set up to disallow an FTP connection under certain known profiles, thereby forcing the user to make his FTP connection through a secondary profile that you provide.
The Sytem i OS also supports profile swapping, which could be another solution to this problem. Using swapping, the user signs on with one profile, but then the OS swaps his profile to look and act like a different profile. Information about this technique can be found at the IBM Information Center and has been a part of the OS since V4R5.
If you have any questions about this topic, send me an email. I'll try to answer any questions you may have. All email messages will be answered.
ABOUT THE AUTHOR: Rich Loeber is president of Kisco Information Systems Inc. in Saranac Lake, N.Y. The company is a provider of various security products for the iSeries market.
This was first published in August 2007