1.5 Strengthen Host Security and Protect Mission-Critical Host Data

Dealing with sensitive customer data requires security support on multiple levels.

The U.S. federal government is a large Micro Focus customer and demands the highest level of security from their products — for example, FIPS 140-2 for strong data encryption; Department of Defense PKI for strong certificate-based, 2-factor authentication; and FDCC/USGCB to prove that Reflection can support a locked-down desktop configuration.

The high level of Reflection security can help you comply with nongovernmental/industry mandates driven by PCI audits, Sarbanes-Oxley (SOX), HIPAA/HITECH, GDPR, and Basel II.

Reflection includes information privacy features designed to protect customer data and secure the desktop.

1.5.1 Set Up Privacy Filters

Privacy filters allow you to mask sensitive host data, such as personal identification numbers, and prevent that data from being printed, saved, or copied.

Let’s say that you want to protect your customers’ telephone numbers. With Reflection, it’s easy:

  1. On the ribbon File menu, choose Reflection Workspace settings. (In Browser mode, choose Settings and then Reflection Workspace Settings from the Reflection menu.)

  2. In Reflection Workspace Settings, click Set up Information Privacy.

  3. Under Privacy Filters, click Add.

  4. In Add Privacy Filter, enter a description, select Simple expression, and then type # symbols in the box to represent the digits of the data you want to protect. For example:

    ###-###-####

    Be sure to use the formats that your host systems use to display these numbers. If telephone numbers are entered both with and without dashes, you’ll need to set up another filter without dashes. For example:

    ##########

  5. Under Privacy Filters Redaction Rules, specify how to redact the data:

    • To redact sensitive data so that it is not displayed by the Scratch Pad, Recent Typing, and other productivity features, select Enable redaction (exported data only).

    • To redact data on screens, select Redact display data (Terminals Supported: IBM).

  6. Click OK to save your changes.

  7. Connect to a host application that displays telephone number data to verify that the data is redacted.

1.5.2 Protect Credit Card Data

To help your organization meet Payment Card Industry Data Security Standard (PCI DSS) requirements, Reflection can automatically protect credit/debit card data that is entered or stored on IBM host screens. Let’s say that you want to protect credit card data.

  1. On the ribbon File menu, choose Reflection Workspace settings. (In Browser mode, choose Settings and then Reflection Workspace Settings from the Reflection menu.)

  2. In Reflection Workspace Settings, click Set Up Information Privacy.

  3. Under Primary Account Number (PAN) Detection Rules, choose Simple PAN detection.

  4. Under Primary Account Number (PAN) Redaction Rules, choose Enable Redaction (exported data only), Redact display data (Terminals Supported: IBM), and Redact data while typing (Terminals Supported: IBM).

  5. Click OK to save your changes.

  6. Connect to a host application that contains an input field long enough to enter a credit card number.

  7. Remove a credit card from your wallet and type the number into the input field. Notice that when you enter the last digit, all but the last 4 digits of the credit card number are redacted.

1.5.3 Secure File Transfers

Traditional protocols, such as Telnet and FTP, are not inherently secure. They put your confidential host data at risk.

Reflection helps you manage that risk as your needs evolve — with comprehensive support for existing security infrastructures, user-level security features, and encryption technology that meets today’s stringent security mandates. This level of security combined with support for a broad range of hosts is unmatched by competitive products.