MC Press Online

Last update: Fri, 23 Jun 2017 1pm

Security / IBM i (OS/400, i5/OS)

Five Security-Related Reasons to Care About Your IBM i Backup Strategy

Many IBM i administrators have a comprehensive backup strategy, but for those who don’t, I’m hoping that this article will have you reworking how you approach backups.

Written by Carol Woodbury

Debbie Saugen was a colleague when I worked at IBM, and I’m happy to say she’s once again my colleague now that she’s joined HelpSystems. Debbie’s area of expertise is backup and recovery. Working with her again has reminded me of the security-related reasons to have a comprehensive backup strategy. Let’s take a look.

Read more ...

Why, for Most IBM i Shops, DDM Is Their Worst Vulnerability

Most IBM i shops have not secured their DDM implementation. Carol discusses why that’s putting those shops at risk.

Written by Carol Woodbury

Distributed Data Management (DDM) comes in two flavors: an ancient implementation that runs over SNA and one that runs over TCP/IP. The version I’m going to discuss is the implementation over TCP/IP. While the default setting for DDM over TCP/IP is to require a valid user ID and password to make a connection to a target server, most IBM i shops have changed this setting and require only a valid user ID. In other words, when a DDM connection is established, the user making the DDM connection must have the same user profile name on the target server. When that’s the case, the connection is established.

Read more ...

Forewarned Is Forearmed

Stop viewing IBM i as an impenetrable fortress. It’s not.

Written by Steve Pitcher

In one week, I’ll be speaking at the 2017 COMMON Annual Meeting and Expo, where I’ll be presenting a session called "IBM i and our False Sense of Security." I’ve done this session a couple of times now, and what I really try to go for is to strike sheer terror into the hearts and minds of audience members.

That’s right. Sheer terror in the form of a reality check that their systems are likely not as secure as they believe.

Read more ...

The Importance of Staying Current

Carol discusses why and how staying up to date reduces your company’s security risk.

Written by Carol Woodbury

You might wonder why I decided to discuss this particular issue. I chose this topic because, as I read about how breaches occur—that is, how hackers are able to penetrate organizations—in many instances, it’s due to organizations not staying current.

Equipment remains with default credentials or is running an old operating system or is left unpatched—even when there are known vulnerabilities. Hackers will “drive by” or may go explicitly looking to exploit servers with known vulnerabilities.

Read more ...

Insiders Are a Threat to IBM i? No Way! Yes Way!

Carol discusses how the current thoughts on insider threats need to be redefined and how insider threats can leave IBM i vulnerable.

Written by Carol Woodbury

I read an interesting article that discussed a study done by the Ponemon Institute on the “Cost of Insider Threats.” It piqued my interest because most of the people I talk to in the IBM i world don’t believe there’s any threat by people from inside their organization. The two reasons I hear most are “I trust our employees” and “Our employees would have no clue how to get access to the system through something like ODBC. They can barely sign on to their green-screen menu.” I decided to read the actual study to determine if there was applicability to the IBM i world.

The study defined three types of insider threats:

Read more ...

Carol’s IBM i Security Wish List

Carol describes 10 things that she wishes were different when it comes to IBM i security.

Written by Carol Woodbury

It’s the time of year when all children are making their Christmas wish list, hoping Santa will deliver on Christmas morning. While I’m a few years beyond believing in Santa Claus (!), I’ve created my list, just in case.

Wish #1: V7R3

I wish all IBM i customers would upgrade to V7R3. The Authority Collection feature added in V7R3 alone justifies the upgrade. This feature helps administrators to stop over-authorizing and enables them to remove *ALLOBJ from profiles that don’t really need it. If you are considering upgrading to V7R2, skip that thought and move right to V7R3!

Read more ...

IBM i Security Without Breaking the Bank

Stop neglecting IBM i security. Consider a risk assessment and two control layers to enjoy substantially less risk of data loss without sending your organization into the red.

Written by Robin Tatam

The time is now!


While some companies take a proactive stance on becoming more secure, many more act as a result of regulation. Governments and industry bodies have enacted numerous enforceable mandates, typically as a result of a scandal or high-profile breach. The growing list of these mandates includes PCI-DSS for credit card data, MAS-TRM for financial organizations in Singapore, BASEL for the banking industry, SOX for publicly traded companies, and HIPAA for those in the U.S. healthcare industry. Operators in the European Union face a dramatic increase in fines that may be levied for data breaches since the General Data Protection Regulation (GDPR) was adopted in April 2016. This replacement for the previous “directive” will become law in May 2018, and the financial impact on companies within this territory could be quite dramatic.

Read more ...

The Lesser of Two Evils: Choosing the Better IBM i Security Configuration

Carol describes scenarios where the configuration options aren’t optimal, but a choice must be made.

Written by Carol Woodbury

By the time you read this, the election in the United States will be over. Many in the States view this election as having to choose between the lesser of two evils. While I’m not going to discuss the way I voted, I thought I might discuss some similar situations where I’ve been presented with two IBM i configurations to choose from, and neither is optimal.

Read more ...