A new report entitled "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" has called for the halt of the deployment of SERVE in 2004 until underlying security issues have been resolved. At the heart of the report, written by a group of four security experts from academia and the private sector, are apprehensions about the security threats, the On Demand technology of Internet voting, and the stakes for democracy.
What Is SERVE?
SERVE is a project aimed at providing Uniformed Services members and overseas citizens the ability to register, request an absentee ballot, vote, and check registration status via the Internet throughout the absentee voting process. SERVE is a part of the Federal Voting Assistance Program (FVAP) that was mandated by Congress under the Uniformed and Overseas Citizens Absentee Voting Act (UOCAVA) of 1986 and is currently run by the Department of Defense under Donald H. Rumsfeld.
Although SERVE is billed as an "experiment," it is currently scheduled to be deployed for the 2004 primary and general elections and is expected to handle up to 100,000 votes over the course of the year for the states of Arkansas, Florida, Hawaii, North Carolina, South Carolina, Utah, and Washington. By comparison, in the 2000 presidential election, a total of only 84 votes were cast by a predecessor system called Voting Over the Internet (VOI).
An Experiment Leading to Full Deployment
The eventual goal of SERVE is to support the entire population of eligible overseas citizens plus military personnel and their dependents. This population is estimated to number about six million, so the 2004 SERVE deployment is seen as a prototype for a very large future system.
However, in a year when the President of the United States is building his campaign for re-election upon issues of national security, this new report raises the specter of the infamous Florida re-count, the terrorist attacks of 9/11, the ongoing Internet virus and worm epidemics, and the potential for Denial of Service (DoS) attacks that could significantly impact the validity of this On Demand e-government experiment and election results as a whole. While such a terrible outcome might seem unlikely to some, the authors make a compelling technical case for a complete re-evaluation of the SERVE project.
E-Commerce Versus E-Voting
The basic premise of SERVE is that modern e-commerce security technologies can be modified and enhanced to enable individuals to cast their ballots in an election with the same success that consumers currently experience when purchasing goods over the Internet.
However, in analyzing the registration and voting mechanisms of SERVE in light of the current Internet security technologies available, the authors found a number of significant differences in the scope of the project and a basic lack of oversight in the security technologies employed. According to the authors, "voting requires a higher level of security than e-commerce. Though we know how to build electronic commerce systems with acceptable security, e-commerce grade security is not good enough for public elections." Why? What is the difference?
Voting Is a Non-Transferable Right
According to the authors, securing Internet voting is structurally different from--and fundamentally more challenging than--securing e-commerce. For instance, it is not a security failure if your spouse uses your credit card with your consent. However, it is a security failure if your spouse votes on your behalf, even with your consent; the right to vote is not transferable.
Interruption of Service Nullifies Elections
Threats are more important to the outcome of a democratic election, too. For instance, a DoS attack on e-commerce transactions may mean that business is lost or postponed. However, such an attack on Internet voting would de-legitimize all the transactions that were cast. Yet the results of an election would be irreversible, disenfranchisement would be complete, and the validity of the outcome could never be assured. Such was exactly the point of the Florida recount in 2000.
Democracy Requires Verifiable, Anonymous Voting Results
The authors also point to the very special requirements that voting holds for maintaining the anonymity of the voter. Voting anonymity is one of the hallmarks of a free and open election, and detecting fraud in an electronic system of Internet voting requires a substantially different security scheme than e-commerce. For instance, in a commercial setting, customers can detect errors because their transactions are not anonymous, and the results of their purchases appear on billing statements that can be checked against electronic receipts. The opposite is true in the security requirements for Internet voting: The voter must be assured that his/her results are accurately accounted for in a setting of anonymity so that the vote cast may not be traced back to the voter. It is an issue of trust that strikes at the core of the "one-man/one-vote" compact of a democracy.
A Flawed Architecture in Current Internet Technology?
These differences between e-commerce and e-voting security make the strongest case for a full examination of the SERVE system before the 2004 elections. Yet, according to the authors of the report, who have studied the proprietary system being deployed, grave security risks have yet to be addressed. The 34-page report breaks these threats into logical groups and then examines the potential of these risks under the current SERVE architecture. According to their evaluation, the risks are high, while the technical Internet skill required to create the security threats is relatively low. According to the authors, these threats include the following:
- DoS attacks against SERVE vote-recording servers
- Trojan horse attacks against the voter's personal computer, preventing the casting of the vote or altering the ballot
- On-screen electioneering in which the voter's ballot is hijacked, rerouted, or changed
- Spoofing of the SERVE election site itself, through various easy-to-implement means
- Physical alteration of the voter's personal computer to prevent or change votes
- Untraceable insider attacks against the SERVE vote-recording servers
- Untraceable, automated vote buying or selling across the Internet
- Coercion of voters through electronic Internet surveillance of the voters' ballots
- SERVE server-specific viruses that manufacture, steal, or alter votes
Assessing the Real Threat to Electronic Internet Voting
Electronic Internet voting is the Holy Grail of the On Demand e-democracy movement that is backed by IBM and other industry giants, as well as the open-source movement itself. Today, the future promise of Internet voting is an integral part of how computer software and hardware vendors market to governments and nations. This concern is practical in nature and financial at root. For instance, it's estimated that the recent recall election in California cost the beleaguered state over $63 million during a fiscal crisis in which the budget was already $8 billion in deficit. Elections are expensive, and ad hoc elections are even more so.
On the surface of it, the SERVE system appears to meet many of the goals of the e-democracy movement, providing electronic ballots, ease of implementation, rapid deployment, and the quick "on demand" results.
However, when security experts attempt to peer beneath the public face of nearly all of the electronic balloting systems that are being funded by the current U.S. Congress, they're brought up short by the proprietary nature of these products. All are the properties of private corporations, all provide limited access to the underlying code that runs them, and none are known to adhere to overall external international standards that might prevent security flaws, manipulation, or fraud. Those that are based upon Microsoft Windows technology are immediately suspect for similar reasons and for reasons of Microsoft's past track record in securing the Windows platform.
The real underlying fear of the authors of "A Security Analysis of the Secure Electronic Registration and Voting Experiment (SERVE)" is not that this experimental system will fail massively during 2004, but that its potential success using current Internet technologies might lead public officials to believe that it is inherently secure. To these experts, exactly the opposite is true: Even without access to the underlying code running the system, they can easily devise mechanisms that could thwart the intent of the voter. Their formal meetings with officials and technical experts within the SERVE program have not brought remedy to their concerns, and this warning report is the result.
On the one hand, the impact of SERVE in 2004 can be dismissed as merely "an experiment in e-democracy." After all, it will only be counting a mere 100,000 votes across eight states this year.
On the other hand, the fate of the 2000 election ended up in the hands of a much smaller number of voters in Florida, and the final number of uncounted votes is still a matter of hot debate.
The message of the authors of this report is simple: "We can and should do better than this flawed technology." Unless we do, we will all suffer from the security risk from some unknown weapon of mass election.
Thomas M. Stockwell is Editor in Chief of MC Press, LP.
Thomas M. Stockwell is an independent IT analyst and writer. He is the former Editor in Chief of MC Press Online and Midrange Computing magazine and has over 20 years of experience as a programmer, systems engineer, IT director, industry analyst, author, speaker, consultant, and editor.
Tom works from his home in the Napa Valley in California. He can be reached at ITincendiary.com.