
IBM i Security: How to Keep Your System Safe

Bill Onion
March 2021


One of the most significant benefits of IBM i is that it is traditionally viewed as a safe platform: it has strong security features and robust hardware, and viruses are rarely written to attack it. But as cyber-attacks become more and more commonplace, IT security needs to become a higher priority for everyone, including those running the seemingly impervious IBM i.

Ransomware, Windows, and IBM i

We have found that many AS400 shops are pretty lax on IT security because of IBM i’s stellar performance reputation. It’s so good at what it does out-of-the-box that everyone assumes the IBM i is safe. Information security, however, is more than just checking off application option boxes labeled “secure.” A solid security plan has information security management system policies in place to address compliance, risk mitigation and remediation, as well as a means to evaluate and update those policies as technology and business needs evolve. When IBM i added features like the IFS to share platform applications with Linux and Windows systems, it provided enhanced utilization, but also increased the IBM i’s exposure to potential risks.

IBM i Security Threats & Risk Mitigation Solutions

The IBM i is usually considered relatively safe from Windows viruses; however, the IFS (Integrated File System) can be susceptible because it stores files from PCs. Malware simply needs to infect a PC running Windows with connections to shared drives and use them as a conduit to penetrate deeper into the network. If the infected computer is mapped to the IFS, the malware can access shared folders and multiple networks, creating a vector for infection.

If the infected PC detonates the ransomware, the virus can write back to the drive mapped to the IFS. If the IFS is mapped to the root, a bad security practice in and of itself, the IBM i itself can crash, forcing you to reach for your DR plan and likely halting your business. For this reason, when using the IFS, be sure to share only the directories needed, and strongly consider running a virus scanner on the IFS as an additional precaution.

Threat Remediation

Given the emerging security threats, you may be asking yourself what is the best way to remediate threats and ensure that your current IBM i environment is, and stays, secure?

Integrating SIEM Solutions to Safeguard Your IBM i / AS400

A great way to keep your system safe is by setting up an alarm system to quickly detect and identify potential threats. Security Information and Event Management (SIEM) solutions are the whistleblowers within your infrastructure. SIEMs “ingest” server logs and create alerts on security events and trends. SIEM software gathers information from servers, applications, network devices and more, alerting you when something looks suspicious and presenting you with data so you can investigate and respond.

Though SIEM originally wasn’t thought necessary for the IBM i, the sophistication of ransomware has changed that. IBM i 7.2 and later can connect to SIEMs using syslog format and third-party applications, or custom polling of the security audit journal, history log and potentially application logs. This connection allows the IBM i server to be combed for potential threats, decreasing your risk and improving your response time to those threats.
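The custom-polling route described above, as an added example (not code from the original post or from IBM): it renders polled audit journal rows as RFC 5424 syslog lines that a SIEM can ingest. The row layout, host name, and severity mapping are assumptions of this example, and the rows are constructed sample data.

```python
from datetime import datetime, timezone

# QAUDJRN entry types mapped to syslog severity.
# The severity choices are this example's assumption, not an IBM mapping.
SEVERITY = {
    "PW": 4,  # invalid password or user ID -> warning
    "AF": 4,  # authority failure -> warning
    "CP": 5,  # user profile created or changed -> notice
    "SV": 5,  # system value changed -> notice
}
FACILITY_LOG_AUDIT = 13   # RFC 5424 facility "log audit"
SD_ID = "ibmi@32473"      # 32473 is the enterprise number reserved for examples


def sd_escape(value):
    """Escape the three characters RFC 5424 forbids raw in SD-PARAM values."""
    out = str(value)
    for ch in ("\\", '"', "]"):   # backslash first, so escapes are not doubled
        out = out.replace(ch, "\\" + ch)
    return out


def to_syslog(entry, hostname):
    """Render one polled audit journal row as an RFC 5424 message."""
    severity = SEVERITY.get(entry["type"], 6)   # unmapped types -> informational
    pri = FACILITY_LOG_AUDIT * 8 + severity
    ts = entry["time"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    fields = {"type": entry["type"], "user": entry["user"], **entry["detail"]}
    sd = " ".join(f'{k}="{sd_escape(v)}"' for k, v in fields.items())
    # Header order: HOSTNAME APP-NAME PROCID MSGID; "-" is the nil PROCID
    return (f"<{pri}>1 {ts} {hostname} QAUDJRN - {entry['type']} "
            f"[{SD_ID} {sd}] {entry['text']}")


# Constructed sample rows; the field names are hypothetical, not a real journal layout.
SAMPLE_ROWS = [
    {"time": datetime(2021, 3, 1, 14, 5, 9, tzinfo=timezone.utc), "type": "PW",
     "user": "QSECOFR", "detail": {"remote": "192.0.2.10"},
     "text": "Invalid password"},
    {"time": datetime(2021, 3, 1, 14, 6, 0, tzinfo=timezone.utc), "type": "AF",
     "user": "JSMITH", "detail": {"object": '/home/share/a"b].txt'},
     "text": "Authority failure"},
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        print(to_syslog(row, "ibmi01.example.com"))
```

The second sample row carries a path containing `"` and `]` to show why structured-data values must be escaped before they reach the SIEM parser.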

Benefits of an IBM i Security Assessment

Whether you have a process in place or are looking to set up better security practices, an IBM i security assessment is a perfect starting point. A security assessment is a tailored approach that recognizes the uniqueness of each business. By administering an Information Security Assessment, you can identify process, network and procedural weaknesses and vulnerabilities. Once you have that information you can work to remediate your security posture by creating an overall continuous improvement process.

Our assessment starts with a policy review conducted by our IBM i-savvy CISSP and IBM i security experts. We conduct interviews with key admins, developers, and executives and gather necessary information before diving into a custom checklist that evaluates your information security management system.

This checklist includes a policy review of your company information security policies, network and physical security, and your disaster recovery plan. We conduct a thorough inspection of the security configuration of your IBM i server, user profiles, group profiles, special authorities, security auditing, HMC security, system values, and network connections.

After the review, our team puts together an assessment of what we found: the good, the bad, and the possibly ugly. This includes a review of our findings and recommendations for improved practices to apply moving forward.

Keeping Your System Safe

Just because you’re running an IBM i doesn’t mean you can assume information security and server security on the IBM i magically happen by themselves. With the increasing reach, sophistication, and prevalence of threat actors, information security work has become a necessity. Our goal at Briteskies is to work with you to help you safeguard your system from internal and external threats. By taking a holistic approach to information security, Briteskies helps you improve your information security posture.

Check out What is an IBM i Security Assessment for detailed examples of our security assessment process, findings, and solutions.

To learn more about securing your IBM i system, visit our Security Resource Page.

Editor's Note: This blog was originally posted in November 2017 and has been updated with new information.
