Many organizations are under the impression that if they simply configure their end-user profiles to be limited capabilities (LMTCPB(*YES)) and set their initial menu to *SIGNOFF, that their end-users will be confined to a menu, can’t run commands and, therefore, are restricted in what they can access. Surely, they can’t access application data! But what if they can? Penetration Testing for IBM i performs tests to determine what – if any – application data these limited users can access.
DXR Security’s Penetration Testing for IBM i can give you peace of mind and help you determine whether your limited users truly are limited. We do that by performing “gray box” pen testing. In other words, we use information about security-relevant system values as well as the authority settings of application libraries and database files together with user profiles that represent a cross-section of end-user roles as input to our tests. Then, we’ll attempt to gain access to and perform tasks on your IBM i. Penetration Testing for IBM i is a great add-on to network penetration tests which identify open ports and unsecure protocols. DXR Security takes penetration testing to the next level by attempting to run various tasks directly on the system with the intent of determining whether limited users truly are limited. Once testing is complete, we’ll provide an easy-to-read report describing the results and provide specific recommendations for hardening security, should any vulnerabilities be identified.
The greatest benefit from DXR Security’s Penetration Testing for IBM i is the proof of whether or not your IBM i security configuration is working as expected. Use this proof as peace of mind that your limited users truly are limited or to develop actions to further restrict them.