Partner TechTip: Keep an Audit Eye on Your System Values! PDF Print E-mail
Tips & Techniques - Security
Written by Robin Tatam   
Friday, 05 March 2010 00:00

Article Sponsor





Phone: 1-800-915-7700


PowerTech Web site:


The PowerTech Group is the leading expert in automated security solutions for IBM Power® Systems running IBM i (System i®, iSeries®, and AS/400®), helping users manage today’s compliance regulations and data privacy threats. Companies worldwide rely on PowerTech security solutions.

Simplify the way you ensure that IBM i system values are in compliance.


Hopefully, you reviewed and configured your System i server's system values as part of your security procedures. If not, you should take the time to familiarize yourself with these values to understand how they impact security. With each new release of the operating system, IBM adds more system values (information about new values is available in the "Memo to Users" at the online Information Center). And once these values are set, you must ensure they stay that way. But manually comparing values is both labor?intensive and error?prone. There are better approaches.

IBM Lockdown

Starting with V5R2 of the operating system, IBM i includes the ability to lock selected system values using System Service Tools (SST). This lockdown prevents even the most powerful users from making changes. However, many people won't use this feature because they aren't comfortable with the SST interface and are afraid they won't be able to unlock these values later.

Compliance Monitor

Compliance Monitor, the leading IBM i audit forensics and report solution from PowerTech, offers two ways to help with this process:


Event Monitoring


If you are auditing *SECURITY events in the audit journal, modifying any system value causes an SV event to be written. Compliance Monitor can report the details of those events, including information about the value change and the user who initiated the change. And if a value is changed and then returned to its original value, Compliance Monitor registers two separate change events.


Scorecard Analysis


Compliance Monitor's System Scorecard (see Figure 1) provides a rapid, point-in-time compliance check of key system values against policy. System values are graded using a weighted scale that you can specify in order to create an overall compliance rating. You can use its Best Practices policy to determine whether a system is well-configured and its Policy Editor to customize the policy for special requirements. Compliance Monitor performs its analysis and presents an easy-to-read dashboard report that you can use to prove compliance to auditors or to highlight policy discrepancies that need to be fixed.



Figure 1: This sample System Values Scorecard shows you at a glance whether you're in compliance. (Click images to enlarge.)


Compliance Monitor's unique architecture lets you apply a centralized policy to any number of end-point reporting systems, or each end-point can have a custom policy (Figure 2). For example, all production partitions could use one central policy, while each development and test partition has its own policy. And international organizations can use different policies based on each country's requirements and regulations.



Figure 2: Compliance Monitor's integrated policy editor allows customization of security policies throughout the organization.


You can define system value requirements with flexibility. After you select the system value you want to review (Figure 3), you can specify whether a certain setting is allowed, disallowed, or required. Then, you can define both a severity and the penalty to assess during the analysis if the value becomes non-compliant. Finally, if a system value should not be included in the review, you can select Allow any value and the attribute settings are ignored.



Figure 3: Policy settings for QSECURITY system value or any other system value are flexible.


You can export and import policies between systems for easy administration. And the policy editor lets you access normal system values and other attributes, such as whether changes are allowed to security system values.

Real-Time Alerting

If you want to be notified when a system value is modified, you can use PowerTech Interact for real-time alerts of activities, including QAUDJRN events. With Interact, you can communicate with enterprise monitoring solutions and escalate events to cell phones or email with powerful tools like Robot/CONSOLE and Robot/ALERT.

Working Together

To keep your system secure and compliant, you need to work with IBM i security controls to set your system values properly and then ensure they remain in compliance. PowerTech's Compliance Monitor and Interact bring together event monitoring, scorecard analysis, and real-time alerts for a complete security compliance solution.

Robin Tatam
About the Author:

Robin Tatam is the global director of security technologies for HelpSystems and is an ISACA-Certified Audit Manager and PCI Professional. Mr. Tatam is an award-winning speaker on security topics and the author of HelpSystems’ annual “State of IBM i Security” study.


HelpSystems is a leading provider of security products and services for IBM i, AIX, Linux, and Windows. Service offerings include vulnerability assessments, penetration testing, remediation work, and managed security contracts. Software solutions are available to address requirements for intrusion detection and prevention, database encryption, anti-virus, compliance reporting, and policy management.

Last Updated on Friday, 05 March 2010 00:00
User Rating: / 1