Eliminate IFS vulnerability and make security risks disappear.

Written by Robin Tatam

Ask any security professional which area of IBM i security is most often ignored and the response will likely be "the Integrated File System." Although it's been around since V3R1, the IFS remains a shrouded mystery that represents significant risk.

Did the previous administrator leave the machine clean, or did he leave a time bomb somewhere?

Written by Jean-Paul Lamontre

Suppose it's the beginning of a new year, and the first time the human resources manager logs into payroll, he unknowingly sends the file of annual salaries to an email address it shouldn't go to, by directly Telnet-ing port 25, something discreet and undetectable.

IBM i 6.1 and 7.1 gave us many new commands and functions, including Display Service Tools User ID (DSPSSTUSR), which is very useful and should be part of your regularly scheduled security audits.

Written by Steve Pitcher

System Service Tools (SST) accounts can perform moderate maintenance on your Power Systems and IBM i operating system. You can work with disk configuration and partitions, view the product activity log, and much more. Dedicated Service Tools (DST) require the system to be in manual mode and allow you access to additional functions, such as working with the Licensed Internal Code (LIC). The same accounts are set up to access both SST and DST. Ideally, you want to ensure that these Service Tools accounts are under the watchful eye of your most trusted administrators. Any oddities should be investigated.

PowerTech readies the 2012 "State of IBM i Security" study.

Written by Robin Tatam

Since 2004, when we published the first edition of PowerTech's popular security study, we've seen many exciting enhancements in the operating system we now call IBM i. Unfortunately, when it comes to changes in the configuration of the server's security controls, the story is much darker.

PowerTech Compliance Monitor 3 lets you preview the effect of security level changes.

Written by Robin Tatam

Each year, PowerTech's popular "State of IBM i Security" study reports on the assigned value of the IBM security system value, QSECURITY. While many systems now are running at the IBM recommended minimum level of 40, there are still numerous organizations that are running at level 30 and even (gasp!) level 20.

PowerTech's Compliance Assessment performs a valuable service to hundreds of IBM i shops each year.

Written by Robin Tatam

With the New Year and a new operating budget, it's time for many companies to start a security project. However, based on some of the calls I've received recently, there remains a lack of clear direction regarding the tasks and priorities.

Are your powerful users accountable for their actions?

Written by Robin Tatam

One of the greatest challenges an organization faces when securing an IBM i environment is protecting the system from the very people who are charged with its care: programmers, administrators, and security officers. While these power users often need access to restricted objects and commands, they rarely need that level of access 24 hours a day—and definitely not without accountability.

PowerTech Compliance Monitor scorecards make easy work of a tedious, but critical, task.

Written by Robin Tatam

One of the most common requests I receive from customers is a way to provide the management team and auditors with a simple dashboard-type report of a system's configuration and its conformance with a baseline policy. For single systems, this can be a time-consuming task, prone to human error. When there are tens, or even hundreds, of system partitions, the work involved can become prohibitive.