25
Mon, Nov
1 New Articles

Popular Security Terms and How They Relate to IBM i

IBM i (OS/400, i5/OS)
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

Carol describes terminology prevalent in the security world, explains what it means, and identifies how it applies to IBM i.

I subscribe to several security-related newsletters. I was reading an article the other day, and it used the phrase “good security hygiene.” I thought I knew what that meant but did a bit of research to make sure. That experience made me think that it might be helpful to explain some security terminology and describe how it relates to IBM i. Let me start with the phrase that inspired this article.

 

Good Security Hygiene

You might be able to guess what this term means. Basically, if you practice good security hygiene, you’re implementing security best practices. Most of my columns focus on implementing IBM i security best practices, so I’m not going to provide a comprehensive list, but examples of best practices include running at QSECURITY level 40 or 50, configuring auditing and saving audit journal receivers, requiring strong passwords, appropriately securing data, using secure (encrypted) communications, eliminating excess special authorities, staying current on PTFs, etc.

 

Data Loss Prevention (DLP)

DLP is not a process or practice but a technology. The purpose of this technology is exactly what the name saysto prevent the loss of data. How, exactly, does it work? Most of you are familiar with exit point software such as PowerTech’s Network Security product. Think of DLP as exit point software for your entire organization. Just as IBM i vendors create an interface for you to define rules as to who is allowed to use FTP or download a specific file via ODBC for example, DLP allows you to define rules as to how much data can be downloaded or sent outside of your organization as well as who can do so.

 

The reason I say DLP is for your entire organization is because the rules can be applied to email, USB ports, FTP to external sites, etc. A rule can be defined for almost anywhere data flows. Rules can be quite granular. For example, you can specify that any email containing more than two cleartext credit card numbers going to an external address is to be blocked. Or you can say that file containing certain types of information can be emailed or FTPed out of your network by a specific group of people but attempts by anyone else are to be blocked. And just like IBM i exit point software, you can choose either to just log the flow of data or to stop it.

 

While DLP is incredibly powerful technology, getting it implemented is quite time-consuming. “Tuning” the rules so that you are not blocking legitimate business traffic and you are eliminating false-positives takes significant effort.

 

So is DLP available on IBM i? All DLP software can read data being sent off of IBM i. Some DLP vendors have modules that look at data residing specifically on IBM i, but many just look at the contents of files in the IFS. A handful examine DB2 files. So depending on your requirements, yes, DLP is available for IBM i. And one could argue that exit point software provides some functions of the DLP technology.

 

Viruses vs. Malware

What’s the difference between a virus and malware? Malware is the term for code whose intent is malicious. A virus is a form of malware as are ransomware, spyware, logic bombs, Trojan horses, and (my favorite) nagware. Can malware affect IBM i? The answer is a resounding yes. To date, no viruses have been written specifically for IBM i (thank goodness!), but that doesn’t mean one couldn’t be written. In addition, many IBM i shops have been affected by ransomware. Users’ PCs have become infected and, because they were mapped to a share defined for a directory in the IFS, the objects in that directory have been encrypted. Several steps can be taken to reduce your risk: Don’t share root, define shares as read-only whenever possible, and set appropriate object-level authorities on the directories to limit the type of activity the ransomware can take on the objects in the directories.

 

Which brings me to my next term…

 

Phishing

Phishing is when an attempt is made to gain access to confidential informationuser IDs and passwords, bank account information, credit card numbers, etc. Phishing usually occurs via email. The email typically contains a link to a site that downloads some form of malware or has an attachment that will install malware when opened. Spear phishing is email that appears to come from a legitimate source such as your CEO or CIO. Spear phishing is often more successful because it has a much more legitimate “look and feel” about it. Targeted spear phishing are attempts targeted at specific individuals or organizations. At the time of this writing, the healthcare industry is the most targeted industry. It’s being hit by ransomware because the need to have access to healthcare information by healthcare professionals is usually immediate. So unless the organization has immediate access to a recent backup, healthcare organizations are more apt to pay the ransom to get its information unlocked.

 

Regardless of the operating systems or technology in use by an organization, all users throughout all organizations need to be educated on phishing and know how to avoid being a victim. The holidays will be upon us before we know it, and with that comes a rise in spear phishing. Users must be educated to not click on links that appear to be from FedEx or UPS, for example, but are instead an attempt at phishing.

 

Hacking

I continue to hear that IBM i has never been hacked. This is simply not true. Let’s define the term “hacking.” According to Computer Crime Research Center, hacking is defined as the “unauthorized use of computer or network resources.” I know of specific cases in which an IBM i has been hacked. But even if I hadn’t been aware of these facts, you couldn’t tell me, given this definition, that the data residing on all IBM i’s around the world hasn’t been accessed inappropriately. Why do I bring this up? Some organizations still have their heads in the sand when it comes to the need to secure their data residing on IBM i. They continue to believe that IBM i is secure rather than secure-able and they don’t see the need to take any action. Actually, I think they just don’t want to “go there” so the “IBM i is secure” line is their excuse for not taking action.

 

How has IBM i been hacked? The answer takes me full circle to the original term I discussed. IBM i was hacked not because of vulnerabilities in the operating system. IBM i has been hacked in organizations that have failed to practice good security hygiene. Need I say more?

 

Finally

I hope this discussion of security terminology has been helpful and has opened your eyes to how IBM i can be affected.

Carol Woodbury

 

Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.

Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.


MC Press books written by Carol Woodbury available now on the MC Press Bookstore.

IBM i Security Administration and Compliance: Third Edition
Don't miss the newest edition by the industry’s #1 IBM i security expert.
List Price $71.95

Now On Sale

Mastering IBM i Security Mastering IBM i Security
Get the must-have guide by the industry’s #1 security authority.
List Price $49.95

Now On Sale

BLOG COMMENTS POWERED BY DISQUS

LATEST COMMENTS

Support MC Press Online

$

Book Reviews

Resource Center

  • SB Profound WC 5536 Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application. You can find Part 1 here. In Part 2 of our free Node.js Webinar Series, Brian May teaches you the different tooling options available for writing code, debugging, and using Git for version control. Brian will briefly discuss the different tools available, and demonstrate his preferred setup for Node development on IBM i or any platform. Attend this webinar to learn:

  • SB Profound WP 5539More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.

  • SB HelpSystems ROBOT Generic IBM announced the E1080 servers using the latest Power10 processor in September 2021. The most powerful processor from IBM to date, Power10 is designed to handle the demands of doing business in today’s high-tech atmosphere, including running cloud applications, supporting big data, and managing AI workloads. But what does Power10 mean for your data center? In this recorded webinar, IBMers Dan Sundt and Dylan Boday join IBM Power Champion Tom Huntington for a discussion on why Power10 technology is the right strategic investment if you run IBM i, AIX, or Linux. In this action-packed hour, Tom will share trends from the IBM i and AIX user communities while Dan and Dylan dive into the tech specs for key hardware, including:

  • Magic MarkTRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now!  Request Now.

  • SB HelpSystems ROBOT GenericForms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.

  • SB HelpSystems ROBOT GenericIT security is a top priority for businesses around the world, but most IBM i pros don’t know where to begin—and most cybersecurity experts don’t know IBM i. In this session, Robin Tatam explores the business impact of lax IBM i security, the top vulnerabilities putting IBM i at risk, and the steps you can take to protect your organization. If you’re looking to avoid unexpected downtime or corrupted data, you don’t want to miss this session.

  • SB HelpSystems ROBOT GenericCan you trust all of your users all of the time? A typical end user receives 16 malicious emails each month, but only 17 percent of these phishing campaigns are reported to IT. Once an attack is underway, most organizations won’t discover the breach until six months later. A staggering amount of damage can occur in that time. Despite these risks, 93 percent of organizations are leaving their IBM i systems vulnerable to cybercrime. In this on-demand webinar, IBM i security experts Robin Tatam and Sandi Moore will reveal:

  • FORTRA Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:

  • FORTRAManaging messages on your IBM i can be more than a full-time job if you have to do it manually. Messages need a response and resources must be monitored—often over multiple systems and across platforms. How can you be sure you won’t miss important system events? Automate your message center with the Robot Message Management Solution. Key features include:

  • FORTRAThe thought of printing, distributing, and storing iSeries reports manually may reduce you to tears. Paper and labor costs associated with report generation can spiral out of control. Mountains of paper threaten to swamp your files. Robot automates report bursting, distribution, bundling, and archiving, and offers secure, selective online report viewing. Manage your reports with the Robot Report Management Solution. Key features include:

  • FORTRAFor over 30 years, Robot has been a leader in systems management for IBM i. With batch job creation and scheduling at its core, the Robot Job Scheduling Solution reduces the opportunity for human error and helps you maintain service levels, automating even the biggest, most complex runbooks. Manage your job schedule with the Robot Job Scheduling Solution. Key features include:

  • LANSA Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.

  • LANSAWhen it comes to creating your business applications, there are hundreds of coding platforms and programming languages to choose from. These options range from very complex traditional programming languages to Low-Code platforms where sometimes no traditional coding experience is needed. Download our whitepaper, The Power of Writing Code in a Low-Code Solution, and:

  • LANSASupply Chain is becoming increasingly complex and unpredictable. From raw materials for manufacturing to food supply chains, the journey from source to production to delivery to consumers is marred with inefficiencies, manual processes, shortages, recalls, counterfeits, and scandals. In this webinar, we discuss how:

  • The MC Resource Centers bring you the widest selection of white papers, trial software, and on-demand webcasts for you to choose from. >> Review the list of White Papers, Trial Software or On-Demand Webcast at the MC Press Resource Center. >> Add the items to yru Cart and complet he checkout process and submit

  • Profound Logic Have you been wondering about Node.js? Our free Node.js Webinar Series takes you from total beginner to creating a fully-functional IBM i Node.js business application.

  • SB Profound WC 5536Join us for this hour-long webcast that will explore:

  • Fortra IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn: