One of the most significant benefits of IBM i is that it is traditionally viewed as a safe platform; you can’t hack it, you can’t break it, and there has never been a recorded virus. But as cyber-attacks become more and more commonplace, IT security needs to become a higher priority for everyone, including those running the seemingly impervious IBM i.
We have found that many IT shops are pretty lax on IT security because of IBM i’s stellar performance reputation. It’s so good at what it does out-of-the-box that everyone assumes the IBM i is safe. Information Security, however, is more than just checking off application option boxes labeled “secure.” IBM i added features like the IFS to share platform applications with Linux and Windows systems. Unfortunately, those same features can expose IBM i to risks.
Ransomware, Windows, and IBM i
As this IT Jungle article states, while IBM i itself is not directly susceptible to Windows viruses, the Integrated File System (IFS) can store Windows malware and distribute it to connected PCs. So, if an IBM i user has their PC’s hard drive mapped into the IFS, then any malware that ends up on that PC could find its way into the IFS and do some damage.
Malware has the potential to encrypt files in the IFS, and while IBM i’s native file system doesn’t support encrypted files, ransomware often deletes the original file after encryption. So even if the encrypted file isn’t supported, the original file could very well be deleted entirely, causing a bigger problem.
The reality is that ransomware attacks have been documented on IBM i in the past (and some companies may not report they’ve been attacked). IBM i is still safe, so there’s no immediate worry there. But it’s important to be aware of what’s going on around us and to take internet security seriously even when running IBM i.
Making a Plan with Syslog Format
Because of IBM i’s “safe” reputation, too many companies leave the proverbial key under the doormat. You can have the most secure deadbolt on the market, but if you make the key accessible it doesn’t matter. Likewise, IBM i can easily become insecure if your organization doesn’t intentionally design and implement a plan for information security.
Best IT security practices indicate that organizations should be running a SIEM (Security Information and Event Management) application or a system that is monitored by an SOC (Information Security Operations Center). A SIEM uses syslog format to digest and parse information that it receives.
Traditionally, IBM i did not inherently translate IBM i logs into syslog format, so organizations using IBM i needed to purchase a third-party product to do the translation. Some companies that have implemented a SIEM have chosen to skip over the IBM i server because they didn’t want to pay that extra cost to provide a conduit between IBM i and that SIEM.
Luckily, IBM has recognized this security need and provided a less expensive option to include IBM i logs in a SIEM. As of IBM i 7.2 and with the release of DB2 support, IBM i can now export the history log and audit journal to syslog.
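The SIEM side of that pipeline, as an added example (not code from the original article or from IBM): a small parser that decodes syslog lines and splits them into alerts, routine events, and rejects. It assumes the exported events use RFC 5424 framing; the hostname, application names, and message text in the sample lines are constructed for illustration and are not actual IBM i output.

```python
import re
from datetime import datetime

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              *[f"local{i}" for i in range(8)]]

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$")

def parse(line):
    """Return one RFC 5424 event as a dict; raise ValueError if malformed."""
    m = RFC5424.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m["pri"])
    if pri > 191:                      # facility 23, severity 7 is the maximum
        raise ValueError(f"PRI {pri} out of range")
    ev = m.groupdict()
    ev["facility"] = FACILITIES[pri // 8]   # PRI = facility * 8 + severity
    ev["severity"] = SEVERITIES[pri % 8]
    ev["ts"] = None if ev["ts"] == "-" else datetime.fromisoformat(  # "-" = NILVALUE
        ev["ts"].replace("Z", "+00:00"))
    return ev

def ingest(lines, min_severity="warning"):
    """Split lines into (alerts at or above min_severity, other events, rejects)."""
    limit = SEVERITIES.index(min_severity)
    alerts, others, rejects = [], [], []
    for line in lines:
        try:
            ev = parse(line)
        except ValueError as exc:
            rejects.append((line, str(exc)))
            continue
        (alerts if SEVERITIES.index(ev["severity"]) <= limit else others).append(ev)
    return alerts, others, rejects

# Constructed sample lines (hostname, app names and message text are invented).
SAMPLE = [
    "<36>1 2024-05-01T08:15:02-05:00 IBMI01 QAUDJRN - PW - Invalid password for JSMITH",
    "<38>1 2024-05-01T08:16:40-05:00 IBMI01 QHST 123456 CPF1124 - Job started",
    '<35>1 2024-05-01T08:18:00Z IBMI01 QAUDJRN - AF [origin ip="192.0.2.10"] Authority failure',
    "<999>1 2024-05-01T08:19:00-05:00 IBMI01 QHST - - - PRI out of range",
]
```

Calling `ingest(SAMPLE)` returns the two warning-or-worse audit events as alerts, the informational history-log event separately, and the line with the invalid priority value as a reject, so malformed input is surfaced rather than silently dropped.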
Conduct an IBM i Security Assessment
The best way to ensure your IBM i environment is secure? Conduct an IBM i security assessment. Our process starts with a review by our team, including an IBM i-savvy CISSP. We conduct interviews with key admins, developers, and executives and gather necessary information before diving into a working checklist that gets into the technical details.
This checklist includes everything from a review of your company information security policy to network and physical security, as well as your disaster recovery plan. We then take a thorough review of the security configuration of the IBM i system. We take a deep dive into the technology setup, including user profiles, group profiles, security auditing, HMC security, system values, and others.
After the on-site review, our team puts together an assessment of what we found: the good, bad, and indifferent. This assessment includes a review of the findings, a rating of how the current systems are performing, and recommendations of industry best practices to apply moving forward.