Important Updates to Cybersecurity Software

HelpSystems is updating the names of our cybersecurity software, including the Powertech product line. Don’t worry—the functionality of your products won’t change.

See the new names here > New, Simpler Names for HelpSystems Security Software.

--------------------

Proxy commands are shortcuts to target commands. A proxy command differs from a typical command in its ability to run a target command, rather than a command processing program.

While selecting a command for monitoring using Command Security's Select Commands screen, all proxy commands that can be registered, and all those whose target can be registered, are available. (Proxy commands outside of QSYS cannot be registered.) If you choose a proxy command from this list, you will be prompted to confirm whether you want to monitor the proxy (if it can be registered), or instead monitor the target command.

 

If the proxy cannot be registered, but the target can.

 

If both the proxy AND the target can be registered.

 

When monitoring a proxy command, ONLY that proxy command will be monitored. When monitoring a target command, all current and future proxy commands that point to that target command will be monitored.

It is possible to create a proxy command that points to another proxy command, up to 6 layers deep including the target command. As such, the following scenario is possible:

Proxy command PROXYF points to proxy command PROXYE, which points to proxy command PROXYD, which points to proxy command PROXYC, which points to proxy command PROXYB, which points to target command TARGETA.

If those proxy commands are in library QSYS, they are eligible to be registered to the exit point, so Command Security will allow you to monitor them.

We will follow the proxy chain when determining which set of Command Security rules to use, so in the following scenario:

PROXYF
 PROXYE (Monitored in Command Security)
  PROXYD
   PROXYC (Monitored in Command Security)
    PROXYB
     TARGETA (Monitored in Command Security)

If PROXYF is executed, Command Security processes the rules for PROXYE. (Since PROXYF points to PROXYE)
If PROXYE is executed, Command Security processes the rules for PROXYE.
If PROXYD is executed, Command Security processes the rules for PROXYC. (Since PROXYD points to PROXYC)
If PROXYC is executed, Command Security processes the rules for PROXYC.
If PROXYB is executed, Command Security processes the rules for TARGETA. (Since PROXYB points to TARGETA)
If TARGETA is executed, Command Security processes the rules for TARGETA.

For the following scenario:

PROXYF
 PROXYE
  PROXYD
   PROXYC
    PROXYB
     TARGETA (Monitored in Command Security)

Executing ANY of the commands will cause the rules for TARGETA to be processed (because they all eventually execute TARGETA).

For the following scenario:

PROXYF (Monitored in Command Security)
 PROXYE
  PROXYD
   PROXYC
    PROXYB
     TARGETA

ONLY executing command PROXYF will cause Command Security to be invoked.
As you can see, monitoring the target command will usually be the best choice as it covers ALL proxy commands that point to it (including proxy commands created in the future).


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: April 03, 2019