Taking a Proactive Approach to IBM i Security

Bill Onion

We’ve been screaming from the proverbial rooftop for a while now that although IBM i / AS400 systems were once considered impermeable due to their uniqueness and obscurity, that’s simply not true anymore. With ransomware attacks continuing to make headline news, companies and CISOs should be asking themselves: Am I next? What am I currently doing, and what should I be doing, to protect my data against attacks?

Our favored platform is more and more exposed every day. Companies ignore the IBM i part of company infrastructure at their own peril. The threats are real.
- Robert Nettgen, CISSP and IBM i Expert

Top 5 Things You Should Be Doing:

1. Company Wide Training

This is a no-brainer. Everyone in your company should be trained on proper infosec practices. Whether that means not writing passwords on sticky notes and taping them to your computer screen, implementing two-factor authentication, or mandatory annual training for all departments (IT and beyond, really anyone with access to a computer) about how to spot spam emails and phishing links, the people in your environment should be active participants in your efforts to increase security.

2. Responsible Drive Mapping

The integrated file share (IFS) connects your backend system to your user-facing computers, a necessary roadway for data. However, just as some roadways have stop lights and one-way streets, your drive mapping needs the same kind of controls. Allowing data to flow is great; allowing data to flow freely wherever it wants is not as great, depending on the data. Take the time to set up your IFS correctly. Make sure the IFS is not mapped to the root.

3. Assigning Appropriate Authority

Another thing to look for is the number of users with All Object authority. Depending on the size and nature of your business, you may have a single person with ALLOBJ, you may have a handful of people, or you may have a full department. What you don’t want is to be missing documentation of who has the authority and a justification for why they need it.

ALLOBJ authority allows users to access any resource on the IBM i system. These users can modify permissions, delete files, and grant the same permission to additional profiles. Because ALLOBJ is such a superpower, it’s imperative that its power be limited. Check your ALLOBJ permissions and, while you’re there, check your permissions for all eight special authorities and administrator privileges as defined by IBM. Make sure that anyone who has access to the systems should have access, and restrict everyone else.
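An added example (not from the original article): a Python sketch that reconciles who holds special authorities against a documented approval register, which is the check this section asks for. The profile export and the register are constructed sample data, the CSV column names are assumptions, and only the primary group profile is modeled as a source of inherited authority.

```python
import csv, io

# The eight IBM i special authorities.
SPECIAL = {"*ALLOBJ", "*AUDIT", "*IOSYSCFG", "*JOBCTL",
           "*SAVSYS", "*SECADM", "*SERVICE", "*SPLCTL"}

# Constructed sample export: profile, status, own special authorities, group profile.
PROFILES_CSV = """profile,status,special_authorities,group
QSECOFR,*ENABLED,*ALLOBJ *AUDIT *IOSYSCFG *JOBCTL *SAVSYS *SECADM *SERVICE *SPLCTL,
ADMGRP,*ENABLED,*ALLOBJ *JOBCTL,
JSMITH,*ENABLED,*JOBCTL,ADMGRP
BACKUP1,*ENABLED,*SAVSYS,
APDEV,*ENABLED,*ALLOBJ,
OLDUSER,*DISABLED,*SECADM,
"""

# Constructed approval register: (profile, authority) -> documented justification.
APPROVED = {("QSECOFR", a): "IBM-supplied security officer" for a in SPECIAL}
APPROVED[("BACKUP1", "*SAVSYS")] = "Nightly save job owner"
APPROVED[("JSMITH", "*JOBCTL")] = "Operations on-call"

def effective_authorities(rows):
    """Map each profile to {authority: source}, including group inheritance."""
    own = {r["profile"]: set(r["special_authorities"].split()) & SPECIAL for r in rows}
    eff = {}
    for r in rows:
        inherited = own.get(r["group"], set())  # empty when no group profile
        eff[r["profile"]] = {
            a: ("own" if a in own[r["profile"]] else "group " + r["group"])
            for a in own[r["profile"]] | inherited}
    return eff

def audit(profiles_csv=PROFILES_CSV, approved=APPROVED):
    """Return (profile, authority, source, status) for every undocumented grant."""
    rows = list(csv.DictReader(io.StringIO(profiles_csv)))
    status = {r["profile"]: r["status"] for r in rows}
    findings = []
    for profile, auths in sorted(effective_authorities(rows).items()):
        for auth, source in sorted(auths.items()):
            if (profile, auth) not in approved:
                findings.append((profile, auth, source, status[profile]))
    return findings

if __name__ == "__main__":
    for f in audit():
        print("UNDOCUMENTED %-8s %-9s via %-12s status %s" % f)
```

In the sample data, JSMITH is flagged for *ALLOBJ even though the profile itself lists only *JOBCTL, because the authority arrives through the group profile; OLDUSER is flagged as a disabled profile that still holds *SECADM.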

4. Use Tools to Help Out

Making your list and checking it twice is a great start, but there are so many ways that ransomware can fool you and wriggle its way in. When working with clients, we often recommend software tools that can serve as an extra set of eyes to flag any suspicious changes going on in your system. We have worked with a number of partner services in the industry to help our clients and the IBM i community as a whole increase their security footprint. For example, UCG Technologies offers disaster recovery solutions and cybersecurity training to help avoid future ransomware attacks. We have teamed up with UCG in various instances, helping clients improve their current infosec standing and their threat remediation tactics. (You can learn more in this recent IT Jungle article.) As a HelpSystems partner, we help companies simplify critical IT processes by using HelpSystems automation software. We’ve also implemented the ALLOut TRACE tool (and recently hosted a webinar!) for multiple clients, as it is useful for both IBM i and JDE ERPs running through the AS400. TRACE can help catch red-flag activity and address it immediately. Depending on your company’s needs, most tools can be modified and customized so that they work for your specific needs.

5. Perform Constant Evaluations

Technology is ever-changing and constantly evolving, and your security plans need to as well. Disaster Recovery plans and security roadmaps should be monitored, tested, and modified on a regular basis. Ask yourself, when was the last time you looked at your security plan? Where is your security plan even hosted? Who came up with the plan and are all the key players still employed at the company? Does your security plan include the IBM i? Make sure that when you answer these questions, you can answer them with confidence.

Scammers have only gotten smarter and more vicious, and as ransomware continues to be classified as an epidemic, make sure you’re not another one of its victims. No one wants to be the next headline.

Additional Resources:

Learn more about securing your IBM i environment

