TechTips / Security


Partner TechTip: Keep Friends Close and Powerful Users Closer PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 01 May 2015 00:00

Your IBM i users are human—and prone to putting sensitive information at risk.

robin tatamWritten by Robin Tatam

Information will always be at risk, thanks to human failings like greed and incompetence. As guardians of our enterprise data, it's our responsibility to deploy controls and enforce policies designed to reduce the risk of a data breach, no matter what might cause it.

 

Note that I didn't say eliminate risk—that's an important distinction. If history has taught us anything, it's the old cliché "where there is a will there is a way." We have to accept that there is no such thing as zero risk.

Add a comment
Last Updated on Friday, 01 May 2015 00:00
Read more...
 
Partner TechTip: "Oh! Data Breach" Is Quickly Becoming the New U.S. National "Anthem" PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 20 March 2015 00:00

The current breach epidemic could impact IBM i, but it doesn't have to.

robin tatamWritten by Robin Tatam

Unless you're filing your taxes with an address listed as "under a rock," you're probably painfully aware of a few high-profile data breaches that have occurred in recent years. While Target, Home Depot, and Anthem might not openly share whether any of their compromised systems included IBM Power Servers, we all need to learn numerous lessons, regardless of the technology platform our critical data resides upon.

Add a comment
Last Updated on Friday, 20 March 2015 00:00
Read more...
 
TechTip: A Primer on Payment Security PDF Print E-mail
Tips & Techniques - Security
Written by David Shirey   
Friday, 30 January 2015 00:00

If you handle credit card payment data in your company, you're probably familiar with the Payment Card Industry Council. But they're no longer the only game in town. Maybe it's time to look at the broad issues.

david shireyWritten by David Shirey

If you handle credit card payments in your company, you know that PCI compliance has been the gold standard for the last decade. And if you've been paying any attention lately, you know that Apple Pay was announced in October 2014 and is getting a lot of press as being the future of electronic payments.

Add a comment
Last Updated on Friday, 30 January 2015 00:00
Read more...
 
User Rating: / 1
PoorBest 
TechTip: RACF Exits PDF Print E-mail
Tips & Techniques - Security
Written by Dinesh Dattani   
Friday, 10 October 2014 00:00

It's best to avoid RACF exits, but if you must have them, mitigate their risk.

dinesh dattaniWritten by Dinesh Dattani

Editor's note: This article is an excerpt from Chapter 16 of IBM Mainframe Security.

 

A RACF exit is an optional facility provided in RACF to perform special RACF processing, above and beyond what is offered in standard RACF. RACF exits can overrule decisions made by standard RACF processing. They provide a means for an installation to tailor RACF processing to suit its own unique needs.

Add a comment
Last Updated on Thursday, 09 October 2014 13:02
Read more...
 
Partner TechTip: Why PowerTech Network Security 6.50? PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 19 September 2014 00:00

Users neglected the security void created by TCP/IP services for years, but exit programs can provide the robust solution today's threat environment demands.
robin tatamWritten by Robin Tatam

PowerTech Network Security, an exit program solution, was designed to fill a security void that appeared with the release of OS/400 V3R1 in the early 1990s, when IBM incorporated TCP/IP network server functionality into the Power Systems server. An exit program is an application program that is invoked before or after a user's request is performed and provides a function that the original software does not. In the case of network access, an exit program assists the operating system and should perform two critical tasks:

  • Audit the user transaction (the OS has very limited visibility to network activity)
  • Provide Access Control functions to limit backdoor data access and server functionality
Add a comment
Last Updated on Friday, 19 September 2014 00:00
Read more...
 
Partner TechTip: Analyze System Security with Compliance Assessment 3.0 PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 08 August 2014 00:00

Even Power Systems can't provide the security you need right out of the box. Compliance Assessment 3.0 helps you identify shortcomings and safeguard your system.

robin tatamWritten by Robin Tatam

Security and compliance adherence has elevated in criticality over the past few years and has now taken its rightful place as a primary IT initiative, alongside virtualization and disaster preparedness. The necessity for better data protection has landed front-and-center in the public eye following some of the largest data breaches on record, including the highly publicized Target retail breach. This was the first of the national "big box" retailers to be hit with such a public and devastating attack. These stories make headlines, but thousands of lesser-publicized breaches occur every year. The threat landscape has rapidly evolved from socially and politically motivated disruptions to highly sophisticated attacks orchestrated by criminals seeking financial gain, and competitors and governments engaged in industrial and international espionage.

Add a comment
Last Updated on Thursday, 07 August 2014 10:28
Read more...
 
TechTip: Back to Basics with IBM i Special Authorities PDF Print E-mail
Tips & Techniques - Security
Written by Steve Pitcher   
Friday, 01 August 2014 00:00

Special authorities give users the access they need quickly and easily, but they're hard to take away once granted. You need to understand what you're assigning someone. Special authorities are more serious than you might have thought.

steve pitcherWritten by Steve Pitcher

With great power comes great responsibility.

 

My company is about to go on a major ERP overhaul. That's right. We've got forty plus years of a mostly home-grown solution with pieces and parts bolted on over time. Do we have people who have too much authority given their job role? Yes. Are certain objects less secure than they could be? Yes. Like any shop, we have a couple of critical applications that "might break" if the authority is changed. We also have a couple of users who "might" not be able to do their jobs if their authority is restricted. With a new solution on the horizon, it's a good time to look at what we have from a security point of view.

Add a comment
Last Updated on Monday, 04 August 2014 08:48
Read more...
 
User Rating: / 2
PoorBest 
Partner TechTip: Help! I Forgot My IBM i Password (Again!) PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 14 March 2014 00:00

Discover the euphoria of self-service password reset.

robin tatamWritten by Robin Tatam

Since the dawn of the technological age, stories have abounded of users writing passwords on Post-It notes and in logbooks. That's because good passwords are hard to devise and even harder to remember. When we concoct one, we hang on to it. What's worse, we use the same username and password everywhere. Many experts believe passwords represent one of the greatest security vulnerabilities; however, they remain a necessary evil. The reality is that passwords will be around for the foreseeable future. And for every password that exists, there's a user who will forget it.

Add a comment
Last Updated on Wednesday, 12 March 2014 10:35
Read more...
 
User Rating: / 5
PoorBest 
<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Page 1 of 18

WEBCAST

MC Webcast CenterFEATURED WEBCAST

See What i Can Do With Modern RPG Development

Your applications deserve more than just a new look! Change the perception of the IBM i as “old” with modern development tips from IBM and Profound Logic Software.
Watch as Barbara Morris, Brian May and Alex Roytman dive beneath the GUI surface to show the benefits of:

 

  • Working with free-format RPG in IBM i TR7
  • Breaking free from “The Cycle” of traditional RPG development
  • Going beyond the 10 character limit in display and database files
  • And more!

You'll also see a live demonstration of these techniques as the presenters create a modern web application before your eyes! 

 

Watch the Webinar Now!

 

TRIAL SOFTWARE

MS Office Connector for Query/400

NGS' Qport Office enables Windows users to run IBM Query/400 queries to: 

 - Create and update Excel spreadsheets and Access databases

 - Create Word documents

 - Send to Windows screen and PC printers

No query conversion is required. Works with i5/OS V5R1 & above. Installs in minutes!

If you don’t have a budget to replace IBM Query/400, but want your users to have one click enhanced output of their queries.… Request the online license agreement and product download instructions today!

Offer good through December 31, 2013.

   MC-STORE.COM