ID-INFO blog
Your IBM i has security flaws you don’t know about. And they can be repaired.
The IBM i has, for good reason, earned a reputation for reliability based on decades of performance and availability. Despite this, as the operating system and IBM i appearances have evolved, security flaws have emerged that many users are unaware of. Sacrebleu! How is this possible?
Consider that the IBM i operating system has over 16 billion lines of code. It’s big and complex. IBM administration is more sophisticated than it looks. Very few IBM i experts know what’s really going on inside.
Let me explain: over decades of software development on the IBM i, programmers wrote code to solve business problems. These developers were not trained to deal with the cyber attacks we face today. Too often, IBM i administrators and programmers copied existing user profiles to create new users, unknowingly giving those new users access to confidential data.
Translation of the original article by Robert Losey: https://bit.ly/36cdJfN
5 years of undetected credit card security breach
For example, one company recently discovered that its critical credit card information had been collected for 5 years without being detected. 5 years! Ouch, how is that possible? The company had hired a Payment Card Industry (PCI) expert to process credit card payments. This programmer installed a program that collected credit information and transmitted it to an unknown recipient. This crook left at the end of his mission. His program ran every day for 5 years… and nobody in the IT team knew what was going on until a recent security assessment discovered these unknown applications.
Insider risk can be a huge hole… especially if you don’t know what to look for.
DDM and DRDA can be a high security exposure
Distributed Data Management (DDM) and Distributed Relational Database Architecture (DRDA) have exit points. If there are no passwords for DDM and DRDA, these exit points cannot be seen by the SIEM (security information and event management).
DNS “poisoning” presents a false SIEM: what the hacker wants you to see, NOT the real SIEM.
SolarWinds recorded 60,000 violations over 12 months. The SIEM that users saw was the one the hackers wanted them to see, not the real SIEM. This was done with DNS poisoning.
How can you protect yourself and your system from these security vulnerabilities?
What you need to understand:
- Who accesses the data?
- How are data viewed?
- Can unauthorized users access data with copied user profiles and authorities?
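One way to approach the third question, as an added example that is not part of the original article: the code groups profiles that hold identical high-risk special authorities (a sign of copied profiles) and also resolves privilege inherited from a group profile. The inventory is constructed sample data; the field layout (modelled on QSYS2.USER_INFO columns), the `HIGH_RISK` set and the function names are assumptions.

```python
from collections import defaultdict

# Special authorities that open up data or other profiles system-wide.
HIGH_RISK = {"*ALLOBJ", "*SECADM", "*SPLCTL", "*SERVICE"}

# Constructed sample inventory, not real data. Fields mirror the
# AUTHORIZATION_NAME, SPECIAL_AUTHORITIES and GROUP_PROFILE_NAME columns of
# QSYS2.USER_INFO; the space-separated authority string is an assumption.
SAMPLE_PROFILES = [
    {"name": "ADMIN1",   "special": "*ALLOBJ *SECADM *JOBCTL", "group": "*NONE"},
    {"name": "NEWHIRE1", "special": "*SECADM *JOBCTL *ALLOBJ", "group": "*NONE"},
    {"name": "NEWHIRE2", "special": "*ALLOBJ *SECADM *JOBCTL", "group": "*NONE"},
    {"name": "GRPADMIN", "special": "*ALLOBJ",                 "group": "*NONE"},
    {"name": "TEMP01",   "special": "*NONE",                   "group": "GRPADMIN"},
    {"name": "CLERK1",   "special": "*NONE",                   "group": "*NONE"},
    {"name": "CLERK2",   "special": "*NONE",                   "group": "*NONE"},
    {"name": "OPER1",    "special": "*JOBCTL *SAVSYS",         "group": "*NONE"},
]

def own_special(profile):
    """Special authorities granted directly to the profile, order-independent."""
    return frozenset(a for a in profile["special"].split() if a != "*NONE")

def audit_profiles(profiles):
    """Flag privileged profiles, group-inherited privilege and likely copies."""
    by_name = {p["name"]: p for p in profiles}
    privileged, inherited_only = [], []
    clusters = defaultdict(list)
    for p in profiles:
        own = own_special(p)
        # Primary group only; supplemental groups are not modelled here.
        group = by_name.get(p["group"])  # None for *NONE or an unknown group
        effective = own | (own_special(group) if group else frozenset())
        if not effective & HIGH_RISK:
            continue
        privileged.append(p["name"])
        if not own & HIGH_RISK:
            inherited_only.append(p["name"])  # privilege comes from the group
        clusters[(own, p["group"])].append(p["name"])
    copies = sorted(sorted(n) for n in clusters.values() if len(n) > 1)
    return {"privileged": sorted(privileged),
            "inherited_only": sorted(inherited_only),
            "identical_privileged": copies}

if __name__ == "__main__":
    for finding, names in audit_profiles(SAMPLE_PROFILES).items():
        print(f"{finding}: {names}")
```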
Why IBM i CIS security assessment?
CIS is the world’s largest consortium of technology experts who understand where security vulnerabilities hide in specific technologies. The IBM i CIS security evaluation is designed specifically for IBM i.
Only once we can assess, analyze and determine how each identified IBM i risk is being used, and whether IBM i security is being used correctly and with the appropriate authority, can we develop remediation work plans.