In this article, Carol Woodbury discusses how moving to i5/OS V6R1 will provide more security for your organization.
When asked to write this article, my immediate reaction to the question posed in the title was, "Only if people use the function provided in V6R1." There is a plethora of security functions and features in the current releases of i5/OS. The problem is, many shops don't take advantage of them. So why is V6R1 any different? To answer that question, we have to take a trip back a few releases.
Ever since security level 40 was developed, the security feature you're taking advantage of by running your systems at security level 40 (QSECURITY=40) is operating system and data integrity. For example, at security level 40, programs can't use a pointer to directly address a database file and update it. The only way to update data is through IBM-provided interfaces such as APIs and CL commands. Another example is that most internal objects can be accessed and updated only by IBM-written programs.
How does IBM provide these integrity features? By implementing something called "state" for programs and service programs and another attribute called "domain" for all object types. Both state and domain have two values: "system" and "user." When a program is running in system state, it can "touch" or "manipulate" any object, regardless of whether the object is a user domain or system domain object. System state programs, in theory, can be created only by IBM. On the other hand, user state programs are the programs that you and I create. When these programs run, they can only touch or manipulate user domain objects. Examples of user-domain objects include user spaces, user queues, etc. User state programs are forced to use CL commands and APIs to perform tasks such as updating a database file, reading a data area, retrieving the attributes of a user profile, etc. If user state programs attempt to call an operating system program (rather than use a CL command or API), the user-written program will fail with a domain error. Or if a user state program attempts to directly manipulate an internal control block or the data in a database file, the program will fail.
Why is all of this important? Because by taking advantage of the integrity provided by running the system at security level 40 or higher, you can be assured that no one can substitute a user-written program masquerading as an operating system program (a Trojan horse). You can also be assured that you can track (with integrated i5/OS auditing features) and control all accesses (with object-level security) to protect your data and know that nothing is being bypassed. This is huge, especially when you're trying to secure and audit accesses to private and confidential data.
Data and operating system integrity is also key when having to comply with laws and regulations such as the Payment Card Industry's Data Security Standards, Health Insurance Portability and Accountability Act (HIPAA), and others that have audit and access control requirements. And even though Sarbanes-Oxley (SOX) states nothing specifically about data security, no one can argue that the intent of the law is to ensure data integrity.
Through the years, IBM has made enhancements to further solidify the integrity of the operating system. Hardware storage protection was added to internal objects to further protect them from being manipulated by user state programs. In V5R1, OS/400 was digitally signed. This has made it increasingly difficult for individuals to create a program that looks like an IBM program and have that program run in system state. In addition, validation can occur to ensure no operating system objects have been altered. You request that i5/OS do a "self-check" and determine whether it has been altered. This self-check is performed by running the Check Object Integrity (CHKOBJITG) command. I recommend that you run this command at least quarterly (more often for organizations with higher security requirements.) Note: This command can be a bit resource-intensive; make sure you submit the command to run in the appropriate jobq so as not to affect the rest of your processing.
Enter V6R1
While many of you may not be looking forward to the thoughts of going through the re-translation process, it's needed so that your programs can take advantage of additional integrity enhancements added in V6R1. Re-translating the programs and service programs will ensure they are using only the instructions allowed to be run by user-written programs. In other words, if a program has been altered to run Machine Interface (MI) instructions that only IBM programs are allowed to run, these MI instructions will be removed. In this way, you know that your programs will not be running any instructions that could cause harm to the system or "destabilize" the system. In the past, user-written programs that run MI instructions only intended for use by IBM have been known to cause problems ranging from data integrity issues to system crashes. Another benefit of re-translation is that every user-written program will be set to user state, even though its state may have been altered to be system (rather than user.) This way, programs will be running in their appropriate state.
Another feature of V6R1 is that programs running in system state must have a valid digital signature, a signature generated from an IBM certificate. This provides an almost foolproof method of restricting system state programs to only those programs created by IBM for i5/OS. Attempts to restore a system state program without this digital signature will fail. (Editor's Note: See the March 26 issue of iApplication Designer for an article about digital signatures.)
As a side effect of the program re-translation as well as the requirement for all system state programs to have a valid IBM-generated signature, you may see some vendors drop support for some of their products. That's because they are using MI instructions that will be stripped out when their programs are re-translated or because they have altered their programs to run in system state. In other words, moving to V6R1 virtually assures that the only programs running in system state are ones created and shipped by IBM.
Is enhanced integrity the only new security feature in V6R1? Not by a long shot. IBM is providing us with the ability to better control the composition of passwords (for example, how many digits or special characters a password is required to contain and where in the password they can be placed), secure more objects with authorization lists, encrypt backups and auxiliary storage pools (ASPs), detect more intrusion attempts and be notified of an attack through an email or page, configure the hardware crypto card through a new user-friendly menu and command interface, associate user profiles to service tools IDs for Dedicated Service Tool (DST) use, provide disk erasure that meets U.S. Department of Defense standards, and more.
Without the integrated integrity features of i5/OS and the System i hardware, these security features would be virtually worthless. But with these integrity features, I can say without a doubt that this system is one of the most--if not the most--securable systems available today.
Carol Woodbury is IBM i Security SME and Senior Advisor to Kisco Systems, a firm focused on providing IBM i security solutions. Carol has over 30 years’ experience with IBM i security, starting her career as Security Team Leader and Chief Engineering Manager for iSeries Security at IBM in Rochester, MN. Since leaving IBM, she has co-founded two companies: SkyView Partners and DXR Security. Her practical experience and her intimate knowledge of the system combine for a unique viewpoint and experience level that cannot be matched.
Carol is known worldwide as an author and award-winning speaker on security technology, specializing in IBM i security topics. She has written seven books on IBM i security, including her two current books, IBM i Security Administration and Compliance, 3rd Edition and Mastering IBM i Security, A Modern, Step-by-Step Approach. Carol has been named an IBM Champion since 2018 and holds her CISSP and CRISC security certifications.
MC Press books written by Carol Woodbury available now on the MC Press Bookstore.
 |
||
 |
|
IBM i Security Administration and Compliance: Third Edition Don't miss the newest edition by the industry’s #1 IBM i security expert. List Price $71.95 Now On Sale
|
 |
|
Mastering IBM i Security Get the must-have guide by the industry’s #1 security authority. List Price $49.95 Now On Sale
|
More than ever, there is a demand for IT to deliver innovation. Your IBM i has been an essential part of your business operations for years. However, your organization may struggle to maintain the current system and implement new projects. The thousands of customers we've worked with and surveyed state that expectations regarding the digital footprint and vision of the company are not aligned with the current IT environment.
TRY the one package that solves all your document design and printing challenges on all your platforms. Produce bar code labels, electronic forms, ad hoc reports, and RFID tags – without programming! MarkMagic is the only document design and print solution that combines report writing, WYSIWYG label and forms design, and conditional printing in one integrated product. Make sure your data survives when catastrophe hits. Request your trial now! Request Now.
Forms of ransomware has been around for over 30 years, and with more and more organizations suffering attacks each year, it continues to endure. What has made ransomware such a durable threat and what is the best way to combat it? In order to prevent ransomware, organizations must first understand how it works.
Disaster protection is vital to every business. Yet, it often consists of patched together procedures that are prone to error. From automatic backups to data encryption to media management, Robot automates the routine (yet often complex) tasks of iSeries backup and recovery, saving you time and money and making the process safer and more reliable. Automate your backups with the Robot Backup and Recovery Solution. Key features include:
Business users want new applications now. Market and regulatory pressures require faster application updates and delivery into production. Your IBM i developers may be approaching retirement, and you see no sure way to fill their positions with experienced developers. In addition, you may be caught between maintaining your existing applications and the uncertainty of moving to something new.
IT managers hoping to find new IBM i talent are discovering that the pool of experienced RPG programmers and operators or administrators with intimate knowledge of the operating system and the applications that run on it is small. This begs the question: How will you manage the platform that supports such a big part of your business? This guide offers strategies and software suggestions to help you plan IT staffing and resources and smooth the transition after your AS/400 talent retires. Read on to learn:
LATEST COMMENTS
MC Press Online