Security Audit - IBMi Exit Points and Programs used by the Dispatcher

Document ID : KB000044658
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction: 

We are having a security audit performed on our IBMi, around external access with a view to tightening up our security. As CA:Plex connects to the IBMi via TCP/IP, we have been asked if there are any Exit Points or Exit Programs on the IBMi that are used by the Plex Dispatcher program YOBSYTCPDP, so that we can allow access to the ports these exist points and programs may use in the firewall we are implementing.
Any information would be most appreciated.

Question: 

Are there any Exit Points or Exit Programs on the IMBi that are used by the Plex Dispatcher program YOTSYTCPDP?

Environment:  

IBM i

Answer: 

Investigating YOBSYTCPDP in the Plex source codebase, we find that there is only one single reference to exit program in the source, at the time of initiating the SSL handshake protocol. However, that variable is hard-coded to NULL. Therefore, we can safely say that the Plex Dispatcher – YOBSYTCPDP does not use any exit point/exit programs on IBMi.