Are your powerful users accountable for their actions?

Written by Robin Tatam

One of the greatest challenges an organization faces when securing an IBM i environment is protecting the system from the very people who are charged with its care: programmers, administrators, and security officers. While these power users often need access to restricted objects and commands, they rarely need that level of access 24 hours a day—and definitely not without accountability.

PowerTech Compliance Monitor scorecards make easy work of a tedious, but critical, task.

Written by Robin Tatam

One of the most common requests I receive from customers is a way to provide the management team and auditors with a simple dashboard-type report of a system's configuration and its conformance with a baseline policy. For single systems, this can be a time-consuming task, prone to human error. When there are tens, or even hundreds, of system partitions, the work involved can become prohibitive.

PowerTech's Interact product monitors critical security events in real time.

Written by Robin Tatam

Let's face it; monitoring security events on IBM i servers probably isn't at the top of anyone's "bucket list." However, it's a critical process that every organization should perform to ensure that unauthorized activities don't occur unnoticed. Typically, there are two main issues with monitoring a system manually: 1) you have to deliberately (and repeatedly) check to see if something has happened, and 2) you are probably looking for the proverbial needle in a haystack of logged events.

PowerTech Compliance Monitor 3 adds automated security and compliance reporting.

Written by Robin Tatam

Remember the humorous MasterCard commercials from a few years ago? In my mind, I see one of them going like this:

State-of-the-art, 64-bit, multi-core Power7 hardware: $225,000

Highly securable IBM i operating system: $100,000

Discovering you can generate and distribute audit reports automatically: PRICELESS

PowerTech Command Security controls command use on your system.

Written by Robin Tatam

Recently, I was approached at a tradeshow by the CIO of an organization running IBM Power Systems servers. He asked if I could help with a security dilemma his company had encountered. It seems that they had recently experienced an "unplanned outage" after an administrator inadvertently issued a PWRDWNSYS command while mentoring a new operator.

Ensure that your users have strong passwords.

Written by David Tansley

Within any operating system, password maintenance is an important system admin task, and AIX is no different. So let's look at some password maintenance techniques.

Within AIX, you can specify rules in password administration. The most common ones are these:

PowerTech DataThread provides critical visibility into data access.

Written by Robin Tatam

2011 is quickly becoming the "Year of the Breach." Although the sun has barely set on the summer solstice, we've already heard of significant breaches at financial giants Citi and Bank of America, gaming organizations Sony PlayStation Network and Sega, and a number of well-known household names like Google, Michael's, Netflix, and Best Buy. While the cause of these events varied, the majority of them resulted in illegal access to confidential data. And, in the case of Netflix and Bank of America, a trusted employee simply handed the information to criminal outsiders.

PowerTech Authority Broker provides a safe way to inherit authority by using a powerful IBM i feature.

Written by Robin Tatam

In last month's TechTip, I spent some time talking about how users can inherit authority through group profiles. Despite my strong support of group profiles, I warned of the vulnerabilities of groups when not carefully architected. Inheritance of a group's private and special authorities can make users far more powerful than their base profiles might suggest. This risk increases if users are assigned to multiple groups. To help manage this, I suggested using PowerTech Compliance Monitor to quickly and easily report on a user's special authority—including those authorities gained via inheritance from a group.