Extra! Extra! Extra! Reflecting on Terminal Emulation

As I mentioned in an earlier blog, there are over a dozen vendors selling terminal emulation solutions that allow millions of users to access their mainframe computer systems. Micro Focus is one of these companies, and our mainframe emulators offer security, flexibility, productivity, and Windows 10 certification. Well, most of them do. But before I elaborate on that point, let’s assume that you’re not yet on Windows 10.

Did you know that you could be forced to move to Windows 10 whether you like it or not? Yeah. Microsoft has announced that the latest generation of Intel chips will not support anything less than Windows 10. So, if you buy a new PC for a new hire or as a replacement for a broken or obsolete system, it will be running Windows 10 and chances are high that it cannot be downgraded no matter what Microsoft licenses you have. So unless you have a closet full of systems ready to deploy, you’ll  want to be ready for the Windows 10 upgrade—even if you don’t want to make the move. (But don’t worry; Micro Focus also offers Windows 10 migration tools to help you on your journey – whether or not you are using terminal emulation software.)

Make the Move

Okay, so let’s get back to that terminal emulator thing. Like I said in that same earlier blog, most of our mainframe emulators are completely up to date when it comes to the latest security standards like TLS 1.2 and SHA-2 along with data masking – which are required by the Payment Card Industry (PCI DSS). But even if you are not subject to PCI rules, implementing the latest security standards are just common sense to help mitigate hacking opportunities. We’ve also been hard at work certifying our terminal emulators for Windows 10 compatibility. Well most of them anyway.

Micro Focus has announced publicly that Extra! X-treme won’t be making the move to Windows 10, and older versions of Extra! X-treme do not support the latest and greatest security standards. But we have an offer for you that you can’t refuse. Well, I suppose you can refuse…but why would you want to?

Migration is Easy

We are offering most of our customers a no-charge migration path to Reflection Desktop, our state-of-the-art terminal emulator. Reflection Desktop was designed and developed by many of the same people behind Extra! so of course they know how to implement many of Extra’s best features, while providing a modern terminal emulator that will work now and into the future.

We have designed Reflection Desktop to have an upgrade experience similar to Microsoft Office applications:

  • The Reflection Desktop Classic Interface eliminates the need for retraining end users.
  • Extra! configuration settings will work as is in Reflection Desktop (Keyboard Maps, Hot Spots, Colors, Quickpads).
  • Reflection Desktop will run Extra! Basic macros with no conversion

And to increase security and enhance productivity, Reflection Desktop offers:

  • Trusted locations, which enable you to secure and control where macros are launched from while still allowing users to record and use them as needed.
  • Privacy Filters that allow you to mask sensitive data on mainframe screens without making changes on the host.
  • Visual Basic for Applications support (documentation), giving you better integration with Microsoft Office.
  • Support for the latest Microsoft .Net APIs allowing for more secure and robust customizations.
  • HLLAPI integration allowing you to continue using these applications without rewriting them.

If you still need help with your migration, guidance is available on how to inventory and migrate customizations. And Micro Focus Consulting Services have proven methodologies and experience with successful enterprise migrations. In fact, several of our customers have had successful migrations from Extra! to Reflection Desktop, one of which is detailed here. PS: This global financial firm actually migrated to Reflection Desktop not only from Extra! but also from a handful of terminal emulators from different companies.

Summary

We talked about Windows 10 and up-to-date security, which are important reasons to move to a modern, secure terminal emulator. In fact, there is another driver: Management.

This final driver ties everything together. You have to ensure that your terminal emulation environment is properly configured and that your users are prevented from making changes that can leave you open to hacking or, perhaps worse, allow them to steal critical information.

Reflection is fully integrated with the Micro Focus Host Access Management and Security Server (MSS). Besides helping you to lock down your emulation environment, MSS also lets you extend your organization’s existing identity, authentication, and management system to your mainframe and other host systems.

And there you have it. A modern, secure terminal emulator that will make you ready for Microsoft’s latest operating system, help lock down your mainframes from unauthorized users, and best of all, existing Extra! customers who have maintained licenses can get it for free.

Is Secure File Transfer Protocol (SFTP) Its Own Worst Enemy?

At Micro Focus, our customers are asking for a holistic approach to secure file transfer—one that provides more visibility, flexibility, and control. That’s why we’ve introduced Reflection® for Secure IT Gateway. This new SSH-based solution sits between the user and the SFTP server, and acts as a central point of control. Its job is to track every file going in and out of your enterprise, including who transferred it and what’s in it. David Fletcher investigates further in this blog….

Secure File Transfer Protocol

SFTP has long been a de facto standard for secure file transfer.  Originally designed by the Internet Engineering Task Force (IETF), this extension of the Secure Shell protocol (SSH) 2.0 provides secure file transfer capabilities over the SSH network protocol.

In a nutshell, SFTP encrypts your data and moves it through an impenetrable encrypted tunnel that makes interception and decoding virtually impossible. While incredibly useful for business-to-business data sharing, SFTP poses a problem in our security-conscious world. Oddly enough, the problem is that SFTP works too well.

Let me explain. SFTP works so well that no one can see what’s being transferred—not even the people who need to see it for security reasons. Case in point: Edward Snowden. No matter what your thoughts on the subject, the fact is that Snowden used his privileged user status to transfer and steal sensitive files. Why was he able to do this? Because no one could see what he was doing. As a “privileged user” on the network, he had extensive access to sensitive files—files that he was able to transfer about, as he desired, without detection.

Iris2blog

In addition to the threats posed by unscrupulous privileged users, there’s another threat that’s cause for alarm. It’s called Advanced Persistent Threat (APT).  Basically, an APT is a ceaseless, sophisticated attack carried out by an organized group to accomplish a particular result—typically, the acquisition of information. The classic APT mode of operation is to doggedly steal the credentials of privileged users. The purpose, of course, is to gain unfettered access to sensitive or secret data. Once “in,” these APTers can transfer data and steal it without detection.  On a side note, Snowden used some of these APT tactics to steal credentials and validate self-signed certificates to gain access to classified documents.

APTs are often discussed in the context of government, but let me be clear: Companies are also a primary target. Take the recent Wall Street Journal article about a foreign government stealing plans for a new steel technology from US Steel. Such behavior is just the tip of the iceberg when it comes to how far some entities will go to steal information and technology.

Introducing Micro Focus Reflection for Secure IT Gateway

So given that transferring files is an essential business operation, what can you do to protect your organization from these dangerous threats? At Micro Focus, our customers are asking for a holistic approach to secure file transfer—one that provides more visibility, flexibility, and control. That’s why we’re introducing Reflection® for Secure IT Gateway. This new SSH-based solution sits between the user and the SFTP server, and acts as a central point of control. Its job is to track every file going in and out of your enterprise, including who transferred it and what’s in it.   It also provides the ability to essentially offload files and allow for 3rd party inspection and can then either stop the transfer and notify if something seem amiss or complete the transfer as required.

Reflection for Secure IT Gateway comes with a powerful browser-based interface that you can use to accomplish a number of transfer-related tasks:

  • Expose files for inspection by third-party tools
  • Automate pre- and post-transfer actions
  • Grant and manage SFTP administrator rights
  • Provision users
  • Configure transfers
  • Create jobs for enterprise level automation
  • Delegate tasks

Read more about Reflection for Secure IT Gateway or download our evaluation software and take a test drive. Learn how you can continue to benefit from the ironclad security of SFTP while also gaining greater file transfer visibility, flexibility, and control.

RUMBA9.4.5
Sr. Product Marketing Manager
Host Connectivity
(Orginally Published here)