Many organizations are under the impression that if they simply configure their end-user profiles to be limited capabilities (LMTCPB(*YES)) and set their initial menu to *SIGNOFF, that their end-users will be confined to a menu, can’t run commands and, therefore, are restricted in what they can access.
By DXR Security, LLC
DXR Security’s Penetration Testing for IBM i can give you peace of mind and help you determine whether your limited users truly are limited. We do that by performing “gray box” pen testing. In other words, we use information about security-relevant system values as well as the authority settings of application libraries and database files together with user profiles that represent a cross-section of end-user roles as input to our tests. Then, we’ll attempt to gain access to and perform tasks on your IBM i. Penetration Testing for IBM i is a great add-on to network penetration tests which identify open ports and unsecure protocols. DXR Security takes penetration testing to the next level by attempting to run various tasks directly on the system with the intent of determining whether limited users truly are limited. Once testing is complete, we’ll provide an easy-to-read report describing the results and provide specific recommendations for hardening security, should any vulnerabilities be identified.