|Partner TechTip: Guarding Against the Multifaceted Threat to Power Systems|
|Tips & Techniques - Security|
|Written by Christopher Jones|
|Wednesday, 25 March 2009 19:00|
Protect IBM i, AIX, Linux, and Domino in one fell swoop.
For some time now, IBM has been making the AS/400 family more powerful and versatile. With the introduction of Power Systems in 2008, the promise of one box that meets the demands of modern computing environments across multiple operating systems truly came of age.
But with this versatility comes increased exposure to threats from malicious code. When an iSeries was running only OS/400, the steps we needed to take were clear and the risk was easier to mitigate. Now that IBM i, AIX, and Linux may be running side by side--and connecting to a network of Windows PCs--guarding the fortress against malicious code threats requires a thorough plan and an impermeable line of defense.
I say impermeable, but let's be clear. No line of defense can keep 100 percent of threats out of your system. The key lies in quickly identifying and eradicating these threats. To do this, we must adopt a holistic view of protection and take steps on each platform.
The reality that malicious code represents a real danger to IT security is now widely accepted. But there's still a lingering belief within the AS/400 community that the danger doesn't reach inside our borders. "There are no System i viruses." True. "There are few Linux and UNIX viruses." True. "The risk is so minimal that it's not worth pursuing." Dead false.
Malicious code doesn't need to target a specific operating system in order to wreak havoc. AIX, Linux, and the IBM i IFS with its UNIX-based privileges model can easily host viruses written for Windows. And because these operating systems can silently host this code and spread it to the larger network, the danger is analogous to the person who has cancer but doesn't know until it has spread throughout the body and become terminal.
Once malicious code has passed from the Power System to a Windows PC, it can execute and then backtrack to the Power System to delete files, steal data, send commands, and more. The fact that a given virus can't execute under IBM i, AIX, or Linux is moot. It doesn't need to.
So how do you stop this ubiquitous malicious code? Let's break it down into a three-step process:
Step 1: Develop an Implementation Plan
Prepare a plan that places anti-virus software on every system, including the Windows PCs in the network and every server and partition, regardless of the operating system. If you're using Domino, you should protect that point of entry as well. The good news is that there's now a native solution available for virtually every OS that you may be running. Putting guards at each checkpoint is a requirement of most regulatory legislation and guidelines, including SOX, PCI, COBIT, and NIST.
Step 2: Select a Consistent Solution
Consistency across systems can help ensure that the malicious code can be caught at each checkpoint. Fortunately, McAfee provides native engines and uniform definition files that span all operating systems that run on Power Systems, as well as Domino environments running on IBM i. McAfee technology has placed first in testing by the University of Hamburg Virus Test Center.
Step 3: Establish an Easy-to-Manage System
When it comes to a Power System running IBM i, AIX, and/or Linux in partitions, StandGuard Anti-Virus easily meets this need by allowing you to scan and clean all partitions from a single point of control under IBM i. There are native versions of StandGuard Anti-Virus for IBM i, AIX, Linux, and Domino, and these use the same virus definition files as McAfee's Windows solutions. By implementing a single family of solutions across the environment, you can ensure stable, reliable, predictable protection. And by eliminating the need to manage each operating system separately, you save time that can be put to better use.
Protect the Network
By taking a holistic view of the malicious code threat and accepting a platform-agnostic position, we can ensure that our networks and organizations are fully protected. StandGuard Anti-Virus is the most powerful tool available for those working with IBM Power Systems, and this solution with the McAfee engine and backing of McAfee AVERT Labs can protect IBM i, AIX, Linux, and Domino in one fell swoop.
To learn more about StandGuard Anti-Virus, access informational materials, and even get a free trial to scan your system, visit www.sgav.info. You might be surprised by what you turn up.
|Last Updated on Thursday, 26 March 2009 13:14|