Exit Points and Why Menu Security Isn’t Enough


Exit points: something many IBM i people have heard of, but often don’t really understand or aren’t sure if they need them.

An exit point isn’t really a security term as much as an application term. An exit point allows the extension of an existing function.

In our case, when we talk about exit point security, what we’re typically discussing is connections through services like FTP and ODBC. The exit point enables an exit program to add some functionality that isn’t there in the base operating system.

For security purposes, what we’re looking for is the ability to audit and even potentially control access through those exit points. One thing a lot of people misunderstand with exit points is that their application security or menu security is going to protect them from users coming in through those methods. But the reality is that most of those interfaces actually side-step the menu, side-step the application security and allow the user to access the database directly.

You also have to understand that there are a lot of different exit points. In fact, there are almost 30 of them in IBM i, and you want to make sure they’re all being protected. We’re not just talking about FTP—we’re also talking about DDM, which is a file communication protocol. We’re also looking at sockets, which are overseeing Java programs coming into the system.

You have to bear in mind that these are typically going to be the attack vectors that you’re most susceptible to. Not only the fact that we don’t have any security controls in many instances, but also the fact that anybody trying to hack your system is typically going to use these fairly industry-standard protocols.

The surprising thing is three-quarters to two-thirds of you are not actually using those exit programs today, according to the latest State of IBM i Security Study, so you absolutely want to include that technology on your radar. The nice thing about it is that it’s very easy to implement.

Understand that there’s a lot of different functionality that needs to be covered through the exit points, along with the fact that we can remediate that pretty easily.

If you have any questions about exit points or exit programs, want to understand more about the technology, reach out to us and we’ll be happy to provide you with the information you need.

If you're ready to start securing your exit points, we can help. Request your custom demo of our exit point security software today >

Are your exit points protected? Find out with a free IBM i Security Scan.