It's time to take action: protect Power Systems servers and the network that connects to them.
Protecting your data from viruses or malicious code is not an unfamiliar concept, but understanding how these threats affect your Power Systems server may not be as easy to grasp. Many Power Systems managers still don't see viruses as a risk because they see them as a Windows threat. While this was once true, today's connected environments operate under different rules.
It's time to take action and protect IBM i, AIX, and the network that connects to them. Join noted cybersecurity expert Robin Tatam to find out common ways these business-critical operating systems may be vulnerable and how you can minimize your exposure to viruses. Learn the facts to ensure you are fully protected.
2. HelpSystems Corporate Overview. All rights reserved.
Your Presenter
Robin Tatam, CBCA CISM
Director of Security Technologies
+1 952-563-2768
robin.tatam@powertech.com

Objectives
• What Are the Threats?
• Why Should We Act?
• Power System and Windows Viruses – Is My System at Risk?
• Virus Prevention and Protection
• PC-Based Scanning vs. Native Scanning
• Some Additional Myths Debunked
• Next Steps

Types of Threats
• Computer viruses
• Worms
• Trojan Horses
• Spyware & Adware
• Rootkit
• Ransomware
• Malware
• More…

Source of Threats
• Unauthorized applications (infected web links, etc.)
• Code hidden and buried inside a different object
• A program that is masquerading as something else (usually something innocent)

The Threat is Growing
• FBI warns that ransomware and malware attacks are growing exponentially.
• 30% increase in ransomware victims in Q1 2016 compared to Q4 2015 (reported by security vendor Kaspersky Lab)
• 61% increase in the number of unique malware families over the first half of 2016 (Check Point Software Technologies’ June Threat Index)
• Nearly 1 million malware threats are released every day (CNN, 2015)
• Viruses like Locky and CryptoLocker are mutating (CNBC, June 2016)

Virus Protection and Regulatory Compliance
PCI DSS
Payment Card Industry Data Security Standard (PCI DSS)
Requirement 5
If you deal with payment card information, PCI DSS requires that all servers in your network that are ‘in scope’ must have virus protection.

Virus Protection and Regulatory Compliance
HIPAA
Health Insurance Portability and Accountability Act (HIPAA)
§ 164.306 Security Standards: General Rules
• Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits.
• Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.
• Implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.

Virus Protection and Regulatory Compliance
GLB Act
Gramm-Leach-Bliley Act
§ 501: Protection Of Nonpublic Personal Information
• To ensure the security and confidentiality of customer records and information
• To protect against any anticipated threats or hazards to the security or integrity of such records
• To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer

Lest We Not Forget: “Best Practices”
• Not everyone has to deal with a formal compliance mandate
– Not publicly traded
– Don’t process credit card information
– No personally identifying information
• But virtually everyone uses computers to run line-of-business applications, and being infected with viruses can:
– Disrupt service
– Corrupt data
– Infect other devices and servers
– Disclose credentials

What if I Don’t Scan my Power System?
• Infections can spread across the network
• Confidential files can be sent to third parties
• Costly downtime
• Loss of professional reputation
• Legal liability as a result of data breaches
• Loss of data

Power Systems and Windows Viruses
How is my system at risk?
Myth: The majority of viruses exploit flaws in Microsoft Windows where only a Windows-based PC can be harmed.
Fact: A virus doesn’t need to target a specific OS in order to wreak havoc on your operations!
– An infected PC with connections to your Power Server can perform any action for which that PC has authority.
  – Files can be deleted
  – Settings and objects can be modified
  – Your server could be shut down!

I was told IBM i was Immune?!
Good
• Fact: Viruses cannot hide inside RPG and CL programs.
• Fact: Viruses cannot hide inside physical and logical files.
• Fact: IBM i cannot run .exe files [that may contain viruses].
Bad
• Fact: Viruses can hide inside Java and Unix stream files.
• Fact: IBM i can run Java and UNIX executables.
• Fact: A virus can rename / delete / encrypt ‘native’ objects.

Security Measures That Won’t Protect Your Power System
The following are all helpful security layers but cannot guarantee that Power Servers will not become infected or operate as the “perfect host”:
• Mail scanning
• Virus scanning on PC clients and other servers
• Firewalls
• Ignoring the risk

Virus Protection For Your Power System
• Implement and enforce security policies.
• Shut down unused services.
• Avoid oversharing.
• Limit access to servers.
• Enable auditing.
• Monitor so you will know right away [timeliness is the key].
• Get good backups.
• Scan for viruses regularly.

How to Implement Anti-Virus on IBM i
• Purchase and install an AV engine.
• Decide whether to perform real-time scanning and scheduled scans.
• Integrate with IBM-supplied exit points [real-time].
• Configure QSCANFS and QSCANFSCTL system values.
• Configure job schedule entries for AV engine and signature updates.
• Review logs.
Done!

How to Implement Anti-Virus on AIX
• Purchase and install an AV engine.
• Schedule avupdate to retrieve daily signature updates.
• Schedule avscan to perform scans on the desired directories.
• Scheduling on AIX can be done with crontab, or a third-party scheduler such as HelpSystems’ popular SkyBot Scheduler software.
• Review logs.
Done!

Anti-virus Best Practices
• Update virus signature files often! (Daily updates from McAfee)
• Schedule weekly “full” scans of files and directories.
• Schedule daily scans if a directory contains sensitive files.
• Review logs for scan results.
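
An added example (not from the presentation or from HelpSystems): a shell check that audits crontab text for the schedule the AIX and best-practices slides describe, a daily avupdate and an avscan that runs at least weekly. Only the command names avupdate and avscan come from the slides; the /opt/av/bin path, the scan arguments and both sample crontabs are constructed placeholders.

```shell
#!/bin/sh
# Audit crontab text (stdin) for the AV schedule the slides recommend:
# a daily avupdate and an avscan that runs at least weekly.
# Only the command names come from the slides; paths and arguments in the
# samples are constructed placeholders, not real product syntax.

audit_av_cron() {
    awk '
    /^[ \t]*#/ || NF < 6 { next }           # skip comments, blanks, VAR=value lines
    {
        # cron fields: minute hour day-of-month month day-of-week command
        freq = "other"
        if ($3 == "*" && $4 == "*") {
            if ($5 == "*")            freq = "daily"
            else if ($5 ~ /^[0-6]$/)  freq = "weekly"   # one fixed weekday
        }
        cmd = $6
        sub(/.*\//, "", cmd)                # strip directory, keep basename
        if (cmd == "avupdate" && freq == "daily")  upd = 1
        if (cmd == "avscan"   && freq != "other")  scan = 1
    }
    END {
        if (!upd)  print "MISSING: daily avupdate entry"
        if (!scan) print "MISSING: weekly (or daily) avscan entry"
        exit !(upd && scan)                 # 0 only when both are scheduled
    }'
}

# Constructed sample: signatures daily at 02:00, full scan Sundays at 03:00.
sample_crontab_ok() {
    cat <<'EOF'
# AV maintenance (constructed example)
0 2 * * * /opt/av/bin/avupdate
0 3 * * 0 /opt/av/bin/avscan /
EOF
}

# Constructed sample: signatures refreshed only on Sundays, so the audit fails.
sample_crontab_weak() {
    cat <<'EOF'
0 2 * * 0 /opt/av/bin/avupdate
0 3 * * 0 /opt/av/bin/avscan /
EOF
}

sample_crontab_weak | audit_av_cron || echo "crontab does not meet the AV schedule"
```

On a live system the same function can read the real schedule with `crontab -l | audit_av_cron`.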

PC-Based Scanning vs. Native Scanning
PC-based virus scanning creates security concerns
PC-based scanning
• Requires leaving a PC signed on with full authority, compromising its security and integrity
• The scanning PC can infect the server with viruses
• The entire Power System is visible to a virus or malicious code
Native virus scanning
• Doesn’t require an outside connection with admin authority
• No data is transferred over the network unencrypted
• Native solutions are not vulnerable to virus infections or disablement

PC-Based Scanning vs. Native Scanning
PC-based scanning isn’t reliable
PC-based scanning
• Power Systems use file structures not found on Windows that can cause non-native scans to fail
• Pop-up failure alerts require human monitoring and intervention throughout the scanning process
• Very manual effort
Native virus scanning
• All files can be scanned easily
• No additional hardware is required
• All detected threats will be removed
• Can run fully automated

PC-Based Scanning vs. Native Scanning
Native virus scanning eliminates stability problems
PC-based scanning
• There are a number of problems with PC-based scanning solutions that cause the scanning process to stop.
– lost connections
– pop-up warning messages
– lost power
Native virus scanning
• Stability concerns simply aren’t an issue when you use software that’s running natively on your system.

PC-Based Scanning vs. Native Scanning
Virus scanning from a PC creates performance problems
PC-based scanning
• Can be incredibly slow and increases network load dramatically
– Transfer data from Power System to PC
– Scan the data
– Transfer the data back to the Power System
• PC scanning resets the files’ “last access time” after scanning so all scanned files will be unnecessarily saved and backups will take longer as a result.
Native virus scanning
• Does not increase your network load, allowing for more frequent and faster scanning
• Native scanning programs know how to treat files and mark them properly
• Can be triggered to run only when a scan is necessary.
– Upon alteration of an object
– On-demand
– Via job schedulers

Myths vs. Facts
Myth: We don’t use IBM i’s Integrated File System (IFS).
Fact: Most modern applications and protocols use the IFS extensively.
Myth: The Power System cannot get a virus.
Fact: Viruses can hide inside PC and Unix files, and Java executables.
Myth: Viruses can’t attack the system architecture.
Fact: Anything an administrator can do, a virus can do.

Myths vs. Facts
Myth: Our Power System isn’t connected to the internet.
Fact: The cable doesn’t have to be physically connected. The Power System isn’t an island if it’s on the network.
Myth: Our firewall protects us from viruses.
Fact: There is no single solution on any platform that gives you 100% protection, including firewalls.
Myth: I can scan the Power System with my PC virus scanner.
Fact: PC-based solutions can be used but they may miss files, require a manual process, and open many security holes.

Why McAfee Commercial Scan Engine
• Decompresses and scans compressed files
• Detects macro and script viruses
• Detects encrypted and polymorphic viruses
• Detects new viruses in executable files
• Detects “Trojan horses,” worms, and other kinds of malicious software
• Upgrades easily for new anti-virus technology

Native Virus Scanning for Power Systems
HelpSystems StandGuard Anti-Virus
• System values and exit points unlock native anti-virus scanning capabilities within IBM i.
• StandGuard Anti-Virus is the only commercial-grade anti-virus engine for IBM i and is powered by McAfee (a division of Intel), ensuring ongoing virus signatures and scan engine updates.
• Discover the performance and integrity advantages of native scanning versus remote scanning.
• Benefit from real-time protection, as well as scheduled and on-demand scans.
• Access virus removal and quarantine functions.
• Scan IBM i, AIX, Linux (x86) and Lotus Domino databases.

About HelpSystems’ Security Investment
• Expansive Software Portfolio, including Anti-Virus for Power Servers.
• Comprehensive Professional Services.
• World-Class Security Experts:
– Robin Tatam, CISM
– Carol Woodbury, CRISC
• Member of PCI Security Standards Council.
• Authorized by NASBA to Issue CPE Credits for Security Education.
• Publisher of the Annual “State of IBM i Security” Report.