Posts Tagged field encryption

Linoma Software products are not affected by Heartbleed bug

Posted by on Wednesday, 9 April, 2014

Heartbleed bug graphic from heartbleed.comIf you are a Linoma Software customer using any of our products such as the GoAnywhere suite (Director, Services, Gateway, Open PGP Studio), Crypto Complete, Surveyor/400 or the RPG Toolbox, we are pleased to report that our products are NOT vulnerable to the Heartbleed bug.  

The CVE-2014-0160 exploit, or Heartbleed bug, has made big headlines over the last 48 hours. The Heartbleed bug exploits vulnerabilities in the popular OpenSSL server software potentially allowing the memory of SSL/TLS encrypted systems to be compromised. The bug essentially allows access to the memory of the SSL/TLS protected systems and attackers can potentially steal and read formerly encrypted information such as usernames and passwords, credit card numbers and other sensitive data.  To learn more about the Heartbleed bug please visit Heartbleed.com.  Additional resources allow you to check and see if your website or server is affected by the Heartbleed bug:  Heartbleed Test and LastPass Heartbleed Checker.

GoAnywhere Suite (Director, Services, Gateway, Open PGP Studio)
GoAnywhere does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that GoAnywhere is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.  While Tomcat does, however, have the ability to utilize native SSL/TLS capabilities for its HTTP/S connections with the APR Connectors, GoAnywhere does not employ this functionality.
GoAnywhere Secure File Transfer mobile apps:
For Apple devices: The GoAnywhere Apple app uses the Secure Transport implementation of SSL/TLS and is not affected by Heartbleed.
For Android devices:  The GoAnywhere Android app uses the JSSE implementation of SSL/TLS and is not affected by Heartbleed.

Surveyor/400:
Surveyor/400 does not use native libraries for SSL/TLS and relies on the JSSE libraries of the JVM that Surveyor/400 is running on. This exploit does not exist in the JSSE implementation of SSL/TLS.

Crypto Complete:
Crypto Complete does not use SSL/TLS for Field or Backup encryption and is not affected by Heartbleed.

RPG Toolbox:  Our RPG toolbox does not use any encryption and is not affected by Heartbleed. 

DB2 Field Encryption Has Been Simplified

Posted by on Wednesday, 5 June, 2013

Compliance regulations like HIPAA and PCI DSS have us all looking for more efficient and secure ways to keep sensitive data protected, especially the personal information fields we’ve all come to rely on: social security numbers, credit card numbers, birth dates, driver’s license numbers, insurance policy ID numbers, etc.

Register for DB2 FieldProcs WebinarFortunately, IBM is working hard to meet the growing demands of companies who must store and share private information and compliance auditors who govern how it must be done.  When it released IBM i 7.1, it included a feature for encrypting DB2 form fields to give IT staffs more control.

Surprisingly, not everyone is taking full advantage of these DB2 FieldProcs either because they’re not aware of their benefit, or because they’re waiting for an even more comprehensive approach.

If you fall into either of these groups, then we’ve got good news.  The Linoma Software team is hosting a webinar next week to share tips for how to maximize the DB2 FieldProcs feature in IBM i 7.1.  In addition, we’ll provide some options that could give your processes even more functionality, making things more efficient.

We invite you to grab some lunch and join us for IBM i Field Procedures Simplified with DB2 Field Procedures on June 13 at noon central.  There will be lots of opportunities to ask questions, and we’ll also record the webinar so you can share it with your colleagues.

Hope you’ll be able to join us!

Susan Baird

Susan is the Marketing Manager at Linoma Software, helping promote our secure file transfer and encryption solutions. Her specialty is content creation and social media marketing, and you can find out more about her by viewing her LinkedIn profile.

More Posts - Website - Twitter - Facebook

Simplify Field Encryption on IBM i

Posted by on Monday, 5 November, 2012

Now that corporate applications are easier to access via remote and mobile channels, it’s even more important to determine which sensitive data is accessible and where possible breaches may occur. Unfortunately, legions of hackers with Wi-Fi and mobile hacking tools make it imperative that organizations prepare for and defend against potential attacks with even more pervasive security procedures.

One step in creating a stronger defense is to employ field or column-level encryption to protect sensitive data at rest.

Implementing a custom field encryption project on IBM i used to be a notoriously long and painful process.  Programming code changes for field level encryption required a steep learning curve, costly programming resources, and even more time in testing, validating and updating the changed application source code. Most companies simply could not justify the additional strain on their budgets for this level of project development requirements.

In response to this challenge, IBM released its OS version 7.1 with DB2 field procedure (FieldProcs) in April of 2010 that greatly simplified the field encryption process.  With the new FieldProcs technology, encryption projects can be streamlined because the field procedures are invoked at the database level, making it transparent to the applications. The FieldProcs can be coded to automatically encrypt the field on Inserts and Updates, and subsequently decrypt the field only for authorized users on Read operations.  Subsequently, FieldProcs have become very important to those businesses that have legacy applications and limited budgets.

FieldProcs are a great step for improving the viability of field level encryption projects. But even with this, many companies don’t have the resources to integrate and manage the FieldProcs which is why third-party software solutions, like Linoma Software’s Crypto Complete, are valuable.  Crypto Complete will generate and manage the FieldProcs on the fields within the files.

Crypto Complete also includes the key management, audit logs and access controls needed for PCI DSS and data privacy compliance. The value of using Crypto Complete for field encryption cannot be understated as it can greatly minimize the learning curve and reduce the implementation resource requirements from weeks to hours.

Daniel Cheney

Daniel has been the IT Director at a healthcare company for the last 12 years and a longtime beneficiary of GoAnywhere Director and the IBM i platform. He is also a freelance writer for various technical and social media projects.

More Posts - Website

Linoma Starts Off the Year with Several Product Releases

Posted by on Friday, 18 June, 2010

When things get hectic and life gets crazy, let’s face it, we could all use a release. All puns aside, Linoma Software has been busy the past 5 months issuing several releases which provide our current and future clients the business edge they need in this ever changing market. Linoma released updates for Surveyor/400, Crypto Complete, GoAnywhere Services and last but not least GoAnywhere Director.

In February, Linoma released Surveyor/400 3.7. Surveyor/400 allows users to easily query and download data from IBM i to their desktops and network servers. Version 3.7 provides support for Excel 2007 with custom formatting options to create professional-looking spreadsheets. Surveyor/400 additionally supports earlier versions of Excel, as well as CSV, fixed width text, HTML and XML documents.  Surveyor/400 conveniently provides over 20 IBM i tools in one application.

In addition to Surveyor/400, Linoma also released Crypto Complete 2.20 in February. The new release of Crypto Complete 2.20 incorporated tokenization. Tokenization should be considered when sensitive data is stored on multiple systems. Tokenization is the process of replacing sensitive data with unique identification numbers (e.g. tokens) and storing the original data on a central server in encrypted form. By centralizing sensitive data, tokenization helps to thwart hackers and minimize the scope of compliance audits such as PCI. Additionally, Crypto Complete 2.20 offers faster encryption for backups while eliminating the need for intermediate save files.

Let’s fast-forward to June; Linoma released GoAnywhere Services 1.3.0. Version 1.3.0 adds enhanced security features with IP Filtering, Syslog feeds and additional Trigger actions, along with other updates and usability options. GoAnywhere Services is a secure file server that provides internal and external trading partners with a secure connection to your system for exchanging files within a fully managed and audited solution.

Also in June, Linoma released a new version of GoAnywhere Director. GoAnywhere Director 3.2.0 provides a connector for sending data using the AS2 version 1.2 standards. This includes support for multiple file attachments within a single AS2 message, synchronous MDN receipts and message integrity verification. AS2 messages can be sent over an SSL tunnel, making it a secure option for the transfer of sensitive data. Version 3.2.0 also includes Syslog server integration, advanced scheduling options, enhanced server certificate handling and FTP checksum validation options. GoAnywhere Director is a managed file transfer solution for the enterprise.

If you need any additional information about any of our product releases or if you need a solution and aren’t sure what is the best product for your circumstance, give us a call. If we don’t have the product your business needs, we can point you in the right direction.

It has been a great start to 2010 and we would like to say thanks to all of our clients for their continued support.

1.800.949.4696  |  sales@linomasoftware.com  |  privacy policy
Copyright ©1994 - 2012 Linoma Software  |  All rights reserved