SlideShare a Scribd company logo

Top Ten Settings that Leave your IBM i Vulnerable

Download as PPTX, PDF
Precisely
Precisely

Contrary to popular belief, IBM i is NOT secure by default. Thankfully, it IS secure-able. View this on-demand webinar to explore the top configuration settings that leave your IBM i vulnerable – to accidental misconfiguration, being infected with malware (including ransomware), an outside attacker, or an ill-intentioned insider. During this webinar, Carol Woodbury, President and CTO of DXR Security describes the vulnerability, provides considerations prior to changing settings, and high-level instructions for eliminating each vulnerability.

Technology
1 of 59
Bill Hammond | Precisely Carol Woodbury | DXR Security John Vanderwall | DXR Security Top Ten Settings that Leave your IBM i Vulnerable
Housekeeping Webinar Audio • Today’s webinar audio is streamed through your computer speakers • If you need technical assistance with the web interface or audio, please refresh your browser window – Chrome is recommended Questions Welcome • Submit your questions at any time during the presentation using the Q&A box Recording and slides • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
The global leader in data integrity Trust your data. Build your possibilities. Our data integrity software and data enrichment products deliver accuracy and consistency to power confident business decisions. Brands you trust, trust us Data leaders partner with us of the Fortune 100 90 Customers in more than 100 2,000 employees customers 12,000 countries
© DXRSecurity, All Rights Reserved. Carol Woodbury, CISSP, CRISC, PCIP carol@dxrsecurity.com Top 10 Settings that Leave your IBM i Vulnerable
Goal To give you topics to consider, and once you’ve considered them, evaluate whether you need to make changes - based on your organization’s business requirements - and then take a step to improve security and reduce risk
Issue #10 – Nothing Needs to be Done  Belief that IBM i is secure by default  “We trust our employees”  No regulatory compliance requirements
So….. the data residing on IBM i isn’t important to your organization?
Acknowledge that Accidental Errors Occur  Insiders  Malicious insider – 14%  Credential theft – 23%  Negligence – 63%  Ponemon Institute The Cost of Insider Threats – 2020  https://www.ibm.com/security/digita l-assets/services/cost-of-insider- threats/#/
Issue #9 – Setting and Forgetting  Security project has completed or an audit performed – no process in place to review:  User profile settings  Default passwords  Special authorities  Group membership  Old profiles  Authority settings  Libraries, directories, files  Authorization lists  File Shares  TCP/IP Settings  Auto-start values, Encryption settings
Security is not a one-time event … It’s a lifestyle
Review ‘Regularly’  User profiles  Default passwords  ANZDFTPWD  Special authorities  PRTUSRPRF  Group membership  DSPAUTUSR SEQ(*GRPPRF) OUTPUT(*PRINT)  Authority settings  Files  Directories  PRTPVTAUT OBJTYPE(*DIR) DIR('/your directory') SCHSUBDIR(*YES)  Authorization lists  PRTPVTAUT OBJTYPE(*AUTL) CHGRPTONLY(*YES)
QSYS2.user_info – Special Authorities
Object Authority Services  QSYS2.object_privileges (DSPOBJAUT)  QSYS2.ifs_object_privileges (DSPAUT)  QSYS2.object_ownership (WRKOBJOWN / QSYLOBJA)
Issue #8 – Running at the Wrong Security Level Vulnerable to:  Running batch jobs with elevated authority  By-passing some auditing  Calling OS programs directly  Note: Permissions when profiles are created include *ALLOBJ and *SAVSYS (level 20) -20 0 20 40 60 80 100 Level 10 Level 20 Level 30 Level 40 Level 50 Total Available IBM i Security Capabilities QSECURITYValue
Moving to a Higher Security Level  Moving from 30 to 40/50:  Must audit to determine issues (if any)  Moving from 20 to 40/50  Much more planning required  Details can be found:  IBM i Security Reference, Chapter 2  IBM i Security Administration and Compliance, 3rd edition
Issue #7 – Not Requiring a Password for DDM  An attribute of the DDM server determines whether a password is required on the target system  Using ADDSVRAUTE, a user can define that they will run as a different profile on the target system – including QSECOFR
Securing DDM  Investigate what profiles are using DDM prior to changing the server attributes to require a password!  Use the GR audit journal entries, looking for use of DDM/DRDA  Look at the exit point logs  Add a server authentication entry for each profile using DDM  Using a group profile for DDM access  https://www.ibm.com/support/pages/simplified-ddm-and-drda-authentication- entry-management-using-group-profiles  Use current user’s password for DDM access  https://www.ibm.com/support/pages/enable-drda-and-ddm-authentication-using- user-profiles-password
Securing DDM - continued  Set ADDSVRAUTE to *PUBLIC *EXCLUDE  Set QSECOFR to STATUS(*DISABLED)  Use Application Administration to shut off access  Use Exit Point software to log and control access
Issue #6 – Keeping Around Old Stuff  Inactive profiles  Archived data past retention schedule  Copies made prior to updating a database  filenameX, filenameOld, filename2, filenameCopy  De-commissioned servers  Past versions of vendor products  Vendor products no longer in use  File shares
#6a – Profiles Remain with Access / Power  Even though Users (employees / contractors) have left the organization, their access remains  MUST have process to ensure immediate access is terminated  Don’t forget SAAS applications – payroll/HR, CRM, etc  Use:  CHGUSRPRF to *DISABLE on a specific date or timeframe (days)  GO SECTOOLS  Option 8 to *DISABLE or *DELETE on a specific date  WRKOBJOWN or QSYS2.object_ownership to find owned objects
Issue #5 – Sessions aren’t Encrypted  Internal communications are often not encrypted  WFH or WFS (Work from Starbucks  ) not using a VPN  Vulnerable to sniffing
Encrypt Sessions  Obtain a digital certificate from a well-known CA (Certificate Authority) or configure IBM i to be a CA  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzahu/rzahurazhu digitalcertmngmnt.htm  http://your_system_name:2006/dcm/login  Use the SSLCONFIG or TLSCONFIG (V7R4) SST command to determine what protocols are in use  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzain/rzainhscoun ter.htm  Use the *NETSCK, *NETUDP and *NETTELSVR in QAUDLVL to determine if unsecure communications are in use (V7R3)  https://www.mcpressonline.com/security/ibm-i-os400-i5os/how-can-i-tell- whether-all-the-connections-to-my-ibm-i-are-secure
Issue #4 – Data is Not Protected  Data is not protected against:  accidental modification  accidental (or purposeful) deletion  downloading by individuals without a business justification
How / Why does this Happen?  Perception that object security is too difficult  IFS is ignored  An organization’s corporate data is ignored  People don’t realize where (all) the data is located
Multiple Layers of Defense / Defense in Depth  Object security  NOT all or nothing!  Authority Collection – added in V7R3 and enhanced in V7R4  Masking and/or additional permissions via Row and Column Access Control (RCAC)  Encryption via FIELDPROC  Exit point software Implement as many layers of defense as is required to reduce risk to an acceptable level
Issue #3: Lack of Visibility into What’s Happening on IBM i  No auditing enabled or never reviewed  Not sending information to organization’s SIEM
Audit Recommendations QAUDCTL  *OBJAUD  *AUDLVL  *NOQTEMP (optional) QAUDLVL  *AUTFAIL  *PGMFAIL (only when moving from 20/30 to 40/50)  *CREATE  *DELETE  *PTFOPR, *PTFOBJ  *SAVRST  *SECCFG and *SECRUN (or *SECURITY)  *SERVICE  *OBJMGT  *JOBBAS (generates A LOT of entries)  *ATNEVT (intrusion detection at IP stack level)
SIEM  Are you sending IBM i events to your SIEM?  If not, why not?  What’s your SIEM used for?  System of record or to detect inappropriate activity  See MC Press article for more considerations  https://www.mcpressonline.com/security/ibm-i-os400-i5os/what- ibm-i-information-should-i-be-sending-to-my-siem
Send Audit Entries Indicating an Attack to your SIEM  PW  ‘U’ entries where the User is “root” or “Admin” and attempt originates from outside of the organization  ‘P’ entries where many occur within a short period of time and for the well-known IBM i-supplied profiles (QSYS, QSECOFR, QUSER, QSYSOPR, QPGMR, QSRV, QSRVBAS)  JS  Job start entries that originate from an unknown external IP address  Job starts for unknown entries (such as QSECOFR)  CP  Password changes for QSECOFR and other IBM-supplied profiles  Re-enablement of QSECOFR (if kept STATUS *DISABLED)  https://www.mcpressonline.com/security/ibm-i-os400-i5os/what-ibm-i- information-should-i-be-sending-to-my-siem
Use Intrusion Detection IM – Audit entries – Used to detect DDoS attacks and cryptomining malware See https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzaub/rzaubkickoff.htm >>> It takes tuning! <<<
Issue #2: Authentication  Running at the wrong password level  Allowing weak passwords (including default passwords)  No multifactor authentication (MFA)  Credential stuffing
Password Level (QPWDLVL) System value 0 Default Character set: A-Z, 0-9, $, @, # and _ Maximum length: 10 1 Same as level 0 but gets rid of old NetServer password- Safe to move if you are not using NetServer or not connecting with Windows 95, 98, ME or Windows 2000 server – end users will see no difference 2 Character set: Upper / lower case, all punctuation and special characters, numbers and spaces Maximum length: 128 Keeps NetServer password, encrypts with old and new algorithms Sign on screen changed to accommodate longer password, CHGPWD and CRT/CHGUSRPRF pwd field changed 3 Same as level 2, gets rid of old encrypted password and old NetServer password Safe to move if you are not using NetServer or not connecting with Windows 95, 98, ME or Windows 2000 server – end users will see no difference Changes require an IPL Move to level 2 prior to moving to 3. At level 2, can sign on with a password that’s ALL CAPS or all lower until password is changed. *** User education required!***
Sign-on System Values System value Recommended setting QMAXSIGN 3-5 QMAXSGNACN 2 (Disable the profile) or 3 (Disable the profile and device)
Password Composition Rules (WRKSYSVAL QPWD*)
QPWDRULES *PWDSYSVAL or  *CHRLMTAJC  *CHRLMTREP  *DGTLMTAJC  *DGTLMTFST  *DGTLMTLST  *DGTMAXn  *DGTMINn  *LMTSAMPOS  *LMTPRFNAME  *LTRLMTAJC  *LTRLMTFST  *LTRLMTLST  *LTRMAXn  *LTRMINn  *MAXLENnnn  *MINLENnnn  *MIXCASEnnn  *REQANY3  *SPCCHRLMTAJC  *SPCCHRLMTFST  *SPCCHRLMTLST  *SPCCHRMAXn  *SPCCHRMINn V7R2  *ALLCRTCHG Recommended: Rules are all in one place, more options Note: ALL rules must go in QPWDRULES once it’s changed from the default.
Default Passwords  Specify *LMTPRFNAME and *ALLCRTCHG in QPWDRULES  Specifying that the password has to be changed at first sign-on is no protection!  Run ANZDFTPWD to discover
Credential Stuffing  Using previously stolen / compromised credentials (user id and passwords) to attempt to gain access to a different site or organization.  DO NOT re-use passwords!!!
EDUCATION
Multi-factor Authentication (MFA)  Requires two or more ‘factors’ to authenticate (gain access to the system)  Something you know (password, pin)  Something you are (fingerprint, facial recognition, optical scan)  Something you have (token, bank card)  Recommended for at least ‘powerful’ profiles  Helps prevent credential stuffing
Issue #1: Malware Two types of malware affect IBM i:  Resident (Stored) in the IFS  Coming in via a file share
*ALLOBJ and Directory Permissions  Unlike Windows, there is no permission on the share itself  What the malware can do will depend on  How the share is defined – Read only or Read/Write  The user’s authority to the directory and objects in the directory
File Shares Worst possible scenario is to have a Read/Write share to root
Directory Permissions Recommended *PUBLIC authority for root: DTAAUT(*RX) OBJAUT(*NONE)
To Reduce the Risk Of Malware  Educate your users!  Back-ups  Do them!  Verify them!  Store them separately  Shares  DO NOT SHARE ROOT !!!! (or QSYS.lib)  Remove unnecessary shares  Set shares to Read-only where possible  Hide shares by creating with a ‘$’ – e.g. newshare$  Turn off broadcasting of the NetServer
To Reduce the Risk Of Malware - continued  Permissions  After review, set root to DTAAUT(*RX) OBJAUT(*NONE)  Review critical paths and restrict access as appropriate  Ransomware has started to exfiltrate the data and threaten to post it  Review who has *ALLOBJ special authority  Exit programs  If you have exit point software, use the NetServer exist to control which profiles can use the IFS  Consider network segmentation
If Infected …  Pull out your incident response plan !  Determine if you’re still under attack or if it’s contained  Determine if you can resolve yourself or need to call in experts  Determine if you need to notify law enforcement  If ransomware, determine if ransom will be paid Quality and availability of your back-ups may determine whether you can recover from a malware attack
Real Scenario Dear MsWoodbury, I was forwarded your info. As of last night, we are being held hostage.We've been in touch with the FBI and IBM.We have a ransom note on our servers. I can be reached at xxx-xxx-xxxx - via LinkedIn and Voicemail 48
Don’t be Overwhelmed! To give you topics to consider, and once you’ve considered them, evaluate whether you need to make changes - based on your organization’s business requirements - and then take a step - ANY step – to improve security and reduce risk
For More Information IBM i Services page  https://www.ibm.com/support/pages/node/1119123  https://gist.github.com/forstie RCAC Redpiece  http://www.redbooks.ibm.com/abstracts/redp5110.html?Open Intrusion Detection  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzaub/rzaubpdf. pdf?view=kc IBM i Security Reference – PDF https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/sc415302.pdf?v iew=kc  Chapters 2 and 3 – System Values  Chapter 9 - Auditing  Chapter 10 – Authority Collection IBM i Security Administration and Compliance, 3nd edition, by Carol Woodbury, 2020. 50
The DXRSecurity Services Portfolio
DXRSecurity Services 1) Annual IBM i Security Analysis Subscription  Includes:  2 Vulnerability Discovery Instances per year  12 hours of assistance per year  Sold per partition/LPAR 2) Vulnerability Discovery  Sold per partition/LPAR 3) Vulnerability Confirmation  Includes:  Testing and validation of vulnerabilities  Understand if compensating controls that are in place actually work  Understand how much access people have to critical files  Similar to a “penetration test” for the IBM i, but far more customized 4) Security Education  Includes:  2 Day Course (virtual or onsite “post Covid”)  Learn Security from an Expert  Sold “per student” plus expenses if onsite
Why DXR Security?  Unquestioned Expertise  Carol Woodbury  Former Security Architect and Chief Engineering Manager for Enterpriser Server group at IBM  Only Commercially available book on IBM i Security. “IBM i Security Administration and Compliance”  25+ years in IBM i Security  John Vanderwall  20+ years selling IBM i Security services and software  CEO and VP roles  Doubled size of security services business in 4 years  We are all about “action” – not overwhelming you with huge amounts of information
Questions? Contact: carol@DXRSecurity.com
How Precisely Can Help
56 Assure Security addresses the issues on the radar screen of every security officer and IBM i admin Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Security Risk Assessment Assess your security threats and vulnerabilities Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches
57 Choose the full product Choose a feature bundle Or select a specific capability Assure Security Assure Data Privacy Assure Encryption Assure Secure File Transfer Assure Monitoring and Reporting Assure Db2 Data Monitor Assure Access Control Assure System Access Manager Assure Elevated Authority Manager Assure Multi-Factor Authentication Assure Security Risk Assessment Assure Compliance Monitoring
Q&A
Top Ten Settings that Leave your IBM i Vulnerable

Recommended

System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINALMartin Evans
 
Getting Started with IBM i Security: Integrated File System (IFS)
Getting Started with IBM i Security: Integrated File System (IFS)Getting Started with IBM i Security: Integrated File System (IFS)
Getting Started with IBM i Security: Integrated File System (IFS)HelpSystems
 
CryptionPro Hdd Flyer English
CryptionPro Hdd Flyer EnglishCryptionPro Hdd Flyer English
CryptionPro Hdd Flyer Englishcynapspro GmbH
 
Lecture 11 managing the network
Lecture 11 managing the networkLecture 11 managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
Planning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsPlanning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsStuart McIntyre
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft TechNet
 
Lecture 12 monitoring the network
Lecture 12 monitoring the networkLecture 12 monitoring the network
Lecture 12 monitoring the networkWiliam Ferraciolli
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and servicesWiliam Ferraciolli
 

Recommended

System Hardening Recommendations_FINAL
System Hardening Recommendations_FINALSystem Hardening Recommendations_FINAL
System Hardening Recommendations_FINALMartin Evans
 
Getting Started with IBM i Security: Integrated File System (IFS)
Getting Started with IBM i Security: Integrated File System (IFS)Getting Started with IBM i Security: Integrated File System (IFS)
Getting Started with IBM i Security: Integrated File System (IFS)HelpSystems
 
CryptionPro Hdd Flyer English
CryptionPro Hdd Flyer EnglishCryptionPro Hdd Flyer English
CryptionPro Hdd Flyer Englishcynapspro GmbH
 
Lecture 11 managing the network
Lecture 11 managing the networkLecture 11 managing the network
Lecture 11 managing the networkWiliam Ferraciolli
 
Planning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsPlanning Optimal Lotus Quickr services for Portal (J2EE) Deployments
Planning Optimal Lotus Quickr services for Portal (J2EE) DeploymentsStuart McIntyre
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft TechNet
 
Lecture 12 monitoring the network
Lecture 12 monitoring the networkLecture 12 monitoring the network
Lecture 12 monitoring the networkWiliam Ferraciolli
 
Lecture 3 more on servers and services
Lecture 3 more on servers and servicesLecture 3 more on servers and services
Lecture 3 more on servers and servicesWiliam Ferraciolli
 
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...IBM Danmark
 
Adnmag
AdnmagAdnmag
Adnmagguest8d2103
 
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...Priyanka Aash
 
Big ip-ltm-asm-dg
Big ip-ltm-asm-dgBig ip-ltm-asm-dg
Big ip-ltm-asm-dgwardell henley
 
Cansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depthCansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depthThierry Zoller
 
SPS Enterprise Family
SPS Enterprise FamilySPS Enterprise Family
SPS Enterprise FamilySymantec
 
Presentation v mware view bootcamp series
Presentation v mware view bootcamp seriesPresentation v mware view bootcamp series
Presentation v mware view bootcamp seriessolarisyourep
 
Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3RUDDER
 
Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Keeping Private Data Private
Keeping Private Data PrivateKeeping Private Data Private
Keeping Private Data PrivateDobler Consulting
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickMichael Man
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick TourActive Base
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud SecurityMongoDB
 
Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckPaula Januszkiewicz
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
Getting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User PrivilegesGetting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User PrivilegesHelpSystems
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 

More Related Content

What's hot

Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...IBM Danmark
 
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...Priyanka Aash
 
Cansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depthCansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depthThierry Zoller
 
SPS Enterprise Family
SPS Enterprise FamilySPS Enterprise Family
SPS Enterprise FamilySymantec
 
Presentation v mware view bootcamp series
Presentation v mware view bootcamp seriesPresentation v mware view bootcamp series
Presentation v mware view bootcamp seriessolarisyourep
 
Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3RUDDER
 

What's hot (8)

Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
Ved du, hvor dine data er - og hvem, der har adgang til dem? Ron Ben Natan, I...
 
Adnmag
AdnmagAdnmag
Adnmag
 
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
From Workstation to Domain Admin: Why Secure Administration isn't Secure and ...
 
Big ip-ltm-asm-dg
Big ip-ltm-asm-dgBig ip-ltm-asm-dg
Big ip-ltm-asm-dg
 
Cansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depthCansecwest - The Death of AV defence in depth
Cansecwest - The Death of AV defence in depth
 
SPS Enterprise Family
SPS Enterprise FamilySPS Enterprise Family
SPS Enterprise Family
 
Presentation v mware view bootcamp series
Presentation v mware view bootcamp seriesPresentation v mware view bootcamp series
Presentation v mware view bootcamp series
 
Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3Configuration management 101 - A tale of disaster recovery using CFEngine 3
Configuration management 101 - A tale of disaster recovery using CFEngine 3
 

Similar to Top Ten Settings that Leave your IBM i Vulnerable

Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramBeyondTrust
 
Keeping Private Data Private
Keeping Private Data PrivateKeeping Private Data Private
Keeping Private Data PrivateDobler Consulting
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickMichael Man
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalQuek Lilian
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick TourActive Base
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud SecurityMongoDB
 
Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckPaula Januszkiewicz
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskPrecisely
 
Getting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User PrivilegesGetting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User PrivilegesHelpSystems
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataPrecisely
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security EnhancementsPresentologics
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataPrecisely
 
Top Ten Tips for IBM i Security and Compliance
Top Ten Tips for IBM i Security and ComplianceTop Ten Tips for IBM i Security and Compliance
Top Ten Tips for IBM i Security and CompliancePrecisely
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarRobert Crane
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web SystemsInnoTech
 
iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016Raz-Lee Security
 

Similar to Top Ten Settings that Leave your IBM i Vulnerable (20)

Tips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management ProgramTips to Remediate your Vulnerability Management Program
Tips to Remediate your Vulnerability Management Program
 
Keeping Private Data Private
Keeping Private Data PrivateKeeping Private Data Private
Keeping Private Data Private
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 
Chris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security BrickChris Rutter: Avoiding The Security Brick
Chris Rutter: Avoiding The Security Brick
 
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra RizalWave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
Wave 14 - Winodws 7 Security Story Core by MVP Azra Rizal
 
Security Quick Tour
Security Quick TourSecurity Quick Tour
Security Quick Tour
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 
Enterprise Cloud Security
Enterprise Cloud SecurityEnterprise Cloud Security
Enterprise Cloud Security
 
Dear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality CheckDear Hacker: Infrastructure Security Reality Check
Dear Hacker: Infrastructure Security Reality Check
 
Social Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity RiskSocial Distance Your IBM i from Cybersecurity Risk
Social Distance Your IBM i from Cybersecurity Risk
 
Getting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User PrivilegesGetting Started with IBM i Security: User Privileges
Getting Started with IBM i Security: User Privileges
 
Controlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and DataControlling Access to IBM i Systems and Data
Controlling Access to IBM i Systems and Data
 
Windows 7 Security Enhancements
Windows 7 Security EnhancementsWindows 7 Security Enhancements
Windows 7 Security Enhancements
 
2) security
2) security2) security
2) security
 
Expand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and DataExpand Your Control of Access to IBM i Systems and Data
Expand Your Control of Access to IBM i Systems and Data
 
Top Ten Tips for IBM i Security and Compliance
Top Ten Tips for IBM i Security and ComplianceTop Ten Tips for IBM i Security and Compliance
Top Ten Tips for IBM i Security and Compliance
 
December 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know WebinarDecember 2019 Microsoft 365 Need to Know Webinar
December 2019 Microsoft 365 Need to Know Webinar
 
Architecting Secure Web Systems
Architecting Secure Web SystemsArchitecting Secure Web Systems
Architecting Secure Web Systems
 
iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016iSecurity Data Sheet March 2016
iSecurity Data Sheet March 2016
 

More from Precisely

Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenPrecisely
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfPrecisely
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Precisely
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Precisely
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Precisely
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fPrecisely
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsPrecisely
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPPrecisely
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenPrecisely
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsPrecisely
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyPrecisely
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowPrecisely
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellencePrecisely
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation ManagementPrecisely
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowPrecisely
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckPrecisely
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformancePrecisely
 

More from Precisely (20)

Zukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter MassendatenZukuntssichere SAP Prozesse dank automatisierter Massendaten
Zukuntssichere SAP Prozesse dank automatisierter Massendaten
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Crucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdfCrucial Considerations for AI-ready Data.pdf
Crucial Considerations for AI-ready Data.pdf
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10Justifying Capacity Managment Webinar 4/10
Justifying Capacity Managment Webinar 4/10
 
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
Automate Studio Training: Materials Maintenance Tips for Efficiency and Ease ...
 
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
Leveraging Mainframe Data in Near Real Time to Unleash Innovation With Cloud:...
 
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3fTestjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
Automate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center ExcellenceAutomate Your Master Data Processes for Shared Service Center Excellence
Automate Your Master Data Processes for Shared Service Center Excellence
 
5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management5 Keys to Improved IT Operation Management
5 Keys to Improved IT Operation Management
 
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter TomorrowUnlock Efficiency With Your Address Data Today For a Smarter Tomorrow
Unlock Efficiency With Your Address Data Today For a Smarter Tomorrow
 
Navigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar DeckNavigating Cloud Trends in 2024 Webinar Deck
Navigating Cloud Trends in 2024 Webinar Deck
 
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak PerformanceMainframe Sort Operations: Gaining the Insights You Need for Peak Performance
Mainframe Sort Operations: Gaining the Insights You Need for Peak Performance
 

Recently uploaded

Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Top Ten Settings that Leave your IBM i Vulnerable

  • 1. Bill Hammond | Precisely Carol Woodbury | DXR Security John Vanderwall | DXR Security Top Ten Settings that Leave your IBM i Vulnerable
  • 2. Housekeeping Webinar Audio • Today’s webinar audio is streamed through your computer speakers • If you need technical assistance with the web interface or audio, please refresh your browser window – Chrome is recommended Questions Welcome • Submit your questions at any time during the presentation using the Q&A box Recording and slides • This webinar is being recorded. You will receive an email following the webinar with a link to the recording and slides
  • 3. The global leader in data integrity Trust your data. Build your possibilities. Our data integrity software and data enrichment products deliver accuracy and consistency to power confident business decisions. Brands you trust, trust us Data leaders partner with us of the Fortune 100 90 Customers in more than 100 2,000 employees customers 12,000 countries
  • 4. © DXRSecurity, All Rights Reserved. Carol Woodbury, CISSP, CRISC, PCIP carol@dxrsecurity.com Top 10 Settings that Leave your IBM i Vulnerable
  • 5. Goal To give you topics to consider, and once you’ve considered them, evaluate whether you need to make changes - based on your organization’s business requirements - and then take a step to improve security and reduce risk
  • 6. Issue #10 – Nothing Needs to be Done  Belief that IBM i is secure by default  “We trust our employees”  No regulatory compliance requirements
  • 7. So….. the data residing on IBM i isn’t important to your organization?
  • 8. Acknowledge that Accidental Errors Occur  Insiders  Malicious insider – 14%  Credential theft – 23%  Negligence – 63%  Ponemon Institute The Cost of Insider Threats – 2020  https://www.ibm.com/security/digita l-assets/services/cost-of-insider- threats/#/
  • 9. Issue #9 – Setting and Forgetting  Security project has completed or an audit performed – no process in place to review:  User profile settings  Default passwords  Special authorities  Group membership  Old profiles  Authority settings  Libraries, directories, files  Authorization lists  File Shares  TCP/IP Settings  Auto-start values, Encryption settings
  • 10. Security is not a one-time event … It’s a lifestyle
  • 11. Review ‘Regularly’  User profiles  Default passwords  ANZDFTPWD  Special authorities  PRTUSRPRF  Group membership  DSPAUTUSR SEQ(*GRPPRF) OUTPUT(*PRINT)  Authority settings  Files  Directories  PRTPVTAUT OBJTYPE(*DIR) DIR('/your directory') SCHSUBDIR(*YES)  Authorization lists  PRTPVTAUT OBJTYPE(*AUTL) CHGRPTONLY(*YES)
  • 13. Object Authority Services  QSYS2.object_privileges (DSPOBJAUT)  QSYS2.ifs_object_privileges (DSPAUT)  QSYS2.object_ownership (WRKOBJOWN / QSYLOBJA)
  • 14. Issue #8 – Running at the Wrong Security Level Vulnerable to:  Running batch jobs with elevated authority  By-passing some auditing  Calling OS programs directly  Note: Permissions when profiles are created include *ALLOBJ and *SAVSYS (level 20) -20 0 20 40 60 80 100 Level 10 Level 20 Level 30 Level 40 Level 50 Total Available IBM i Security Capabilities QSECURITYValue
  • 15. Moving to a Higher Security Level  Moving from 30 to 40/50:  Must audit to determine issues (if any)  Moving from 20 to 40/50  Much more planning required  Details can be found:  IBM i Security Reference, Chapter 2  IBM i Security Administration and Compliance, 3rd edition
  • 16. Issue #7 – Not Requiring a Password for DDM  An attribute of the DDM server determines whether a password is required on the target system  Using ADDSVRAUTE, a user can define that they will run as a different profile on the target system – including QSECOFR
  • 17. Securing DDM  Investigate what profiles are using DDM prior to changing the server attributes to require a password!  Use the GR audit journal entries, looking for use of DDM/DRDA  Look at the exit point logs  Add a server authentication entry for each profile using DDM  Using a group profile for DDM access  https://www.ibm.com/support/pages/simplified-ddm-and-drda-authentication- entry-management-using-group-profiles  Use current user’s password for DDM access  https://www.ibm.com/support/pages/enable-drda-and-ddm-authentication-using- user-profiles-password
  • 18. Securing DDM - continued  Set ADDSVRAUTE to *PUBLIC *EXCLUDE  Set QSECOFR to STATUS(*DISABLED)  Use Application Administration to shut off access  Use Exit Point software to log and control access
  • 19. Issue #6 – Keeping Around Old Stuff  Inactive profiles  Archived data past retention schedule  Copies made prior to updating a database  filenameX, filenameOld, filename2, filenameCopy  De-commissioned servers  Past versions of vendor products  Vendor products no longer in use  File shares
  • 20. #6a – Profiles Remain with Access / Power  Even though Users (employees / contractors) have left the organization, their access remains  MUST have process to ensure immediate access is terminated  Don’t forget SAAS applications – payroll/HR, CRM, etc  Use:  CHGUSRPRF to *DISABLE on a specific date or timeframe (days)  GO SECTOOLS  Option 8 to *DISABLE or *DELETE on a specific date  WRKOBJOWN or QSYS2.object_ownership to find owned objects
  • 21. Issue #5 – Sessions aren’t Encrypted  Internal communications are often not encrypted  WFH or WFS (Work from Starbucks  ) not using a VPN  Vulnerable to sniffing
  • 22. Encrypt Sessions  Obtain a digital certificate from a well-known CA (Certificate Authority) or configure IBM i to be a CA  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzahu/rzahurazhu digitalcertmngmnt.htm  http://your_system_name:2006/dcm/login  Use the SSLCONFIG or TLSCONFIG (V7R4) SST command to determine what protocols are in use  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzain/rzainhscoun ter.htm  Use the *NETSCK, *NETUDP and *NETTELSVR in QAUDLVL to determine if unsecure communications are in use (V7R3)  https://www.mcpressonline.com/security/ibm-i-os400-i5os/how-can-i-tell- whether-all-the-connections-to-my-ibm-i-are-secure
  • 23. Issue #4 – Data is Not Protected  Data is not protected against:  accidental modification  accidental (or purposeful) deletion  downloading by individuals without a business justification
  • 24. How / Why does this Happen?  Perception that object security is too difficult  IFS is ignored  An organization’s corporate data is ignored  People don’t realize where (all) the data is located
  • 25. Multiple Layers of Defense / Defense in Depth  Object security  NOT all or nothing!  Authority Collection – added in V7R3 and enhanced in V7R4  Masking and/or additional permissions via Row and Column Access Control (RCAC)  Encryption via FIELDPROC  Exit point software Implement as many layers of defense as is required to reduce risk to an acceptable level
  • 26. Issue #3: Lack of Visibility into What’s Happening on IBM i  No auditing enabled or never reviewed  Not sending information to organization’s SIEM
  • 27. Audit Recommendations QAUDCTL  *OBJAUD  *AUDLVL  *NOQTEMP (optional) QAUDLVL  *AUTFAIL  *PGMFAIL (only when moving from 20/30 to 40/50)  *CREATE  *DELETE  *PTFOPR, *PTFOBJ  *SAVRST  *SECCFG and *SECRUN (or *SECURITY)  *SERVICE  *OBJMGT  *JOBBAS (generates A LOT of entries)  *ATNEVT (intrusion detection at IP stack level)
  • 28. SIEM  Are you sending IBM i events to your SIEM?  If not, why not?  What’s your SIEM used for?  System of record or to detect inappropriate activity  See MC Press article for more considerations  https://www.mcpressonline.com/security/ibm-i-os400-i5os/what- ibm-i-information-should-i-be-sending-to-my-siem
  • 29. Send Audit Entries Indicating an Attack to your SIEM  PW  ‘U’ entries where the User is “root” or “Admin” and attempt originates from outside of the organization  ‘P’ entries where many occur within a short period of time and for the well-known IBM i-supplied profiles (QSYS, QSECOFR, QUSER, QSYSOPR, QPGMR, QSRV, QSRVBAS)  JS  Job start entries that originate from an unknown external IP address  Job starts for unknown entries (such as QSECOFR)  CP  Password changes for QSECOFR and other IBM-supplied profiles  Re-enablement of QSECOFR (if kept STATUS *DISABLED)  https://www.mcpressonline.com/security/ibm-i-os400-i5os/what-ibm-i- information-should-i-be-sending-to-my-siem
  • 30. Use Intrusion Detection IM – Audit entries – Used to detect DDoS attacks and cryptomining malware See https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzaub/rzaubkickoff.htm >>> It takes tuning! <<<
  • 31. Issue #2: Authentication  Running at the wrong password level  Allowing weak passwords (including default passwords)  No multifactor authentication (MFA)  Credential stuffing
  • 32. Password Level (QPWDLVL) System value 0 Default Character set: A-Z, 0-9, $, @, # and _ Maximum length: 10 1 Same as level 0 but gets rid of old NetServer password- Safe to move if you are not using NetServer or not connecting with Windows 95, 98, ME or Windows 2000 server – end users will see no difference 2 Character set: Upper / lower case, all punctuation and special characters, numbers and spaces Maximum length: 128 Keeps NetServer password, encrypts with old and new algorithms Sign on screen changed to accommodate longer password, CHGPWD and CRT/CHGUSRPRF pwd field changed 3 Same as level 2, gets rid of old encrypted password and old NetServer password Safe to move if you are not using NetServer or not connecting with Windows 95, 98, ME or Windows 2000 server – end users will see no difference Changes require an IPL Move to level 2 prior to moving to 3. At level 2, can sign on with a password that’s ALL CAPS or all lower until password is changed. *** User education required!***
  • 33. Sign-on System Values System value Recommended setting QMAXSIGN 3-5 QMAXSGNACN 2 (Disable the profile) or 3 (Disable the profile and device)
  • 34. Password Composition Rules (WRKSYSVAL QPWD*)
  • 35. QPWDRULES *PWDSYSVAL or  *CHRLMTAJC  *CHRLMTREP  *DGTLMTAJC  *DGTLMTFST  *DGTLMTLST  *DGTMAXn  *DGTMINn  *LMTSAMPOS  *LMTPRFNAME  *LTRLMTAJC  *LTRLMTFST  *LTRLMTLST  *LTRMAXn  *LTRMINn  *MAXLENnnn  *MINLENnnn  *MIXCASEnnn  *REQANY3  *SPCCHRLMTAJC  *SPCCHRLMTFST  *SPCCHRLMTLST  *SPCCHRMAXn  *SPCCHRMINn V7R2  *ALLCRTCHG Recommended: Rules are all in one place, more options Note: ALL rules must go in QPWDRULES once it’s changed from the default.
  • 36. Default Passwords  Specify *LMTPRFNAME and *ALLCRTCHG in QPWDRULES  Specifying that the password has to be changed at first sign-on is no protection!  Run ANZDFTPWD to discover
  • 37. Credential Stuffing  Using previously stolen / compromised credentials (user id and passwords) to attempt to gain access to a different site or organization.  DO NOT re-use passwords!!!
  • 39. Multi-factor Authentication (MFA)  Requires two or more ‘factors’ to authenticate (gain access to the system)  Something you know (password, pin)  Something you are (fingerprint, facial recognition, optical scan)  Something you have (token, bank card)  Recommended for at least ‘powerful’ profiles  Helps prevent credential stuffing
  • 40. Issue #1: Malware Two types of malware affect IBM i:  Resident (Stored) in the IFS  Coming in via a file share
  • 41.
  • 42. *ALLOBJ and Directory Permissions  Unlike Windows, there is no permission on the share itself  What the malware can do will depend on  How the share is defined – Read only or Read/Write  The user’s authority to the directory and objects in the directory
  • 43. File Shares Worst possible scenario is to have a Read/Write share to root
  • 44. Directory Permissions Recommended *PUBLIC authority for root: DTAAUT(*RX) OBJAUT(*NONE)
  • 45. To Reduce the Risk Of Malware  Educate your users!  Back-ups  Do them!  Verify them!  Store them separately  Shares  DO NOT SHARE ROOT !!!! (or QSYS.lib)  Remove unnecessary shares  Set shares to Read-only where possible  Hide shares by creating with a ‘$’ – e.g. newshare$  Turn off broadcasting of the NetServer
  • 46. To Reduce the Risk Of Malware - continued  Permissions  After review, set root to DTAAUT(*RX) OBJAUT(*NONE)  Review critical paths and restrict access as appropriate  Ransomware has started to exfiltrate the data and threaten to post it  Review who has *ALLOBJ special authority  Exit programs  If you have exit point software, use the NetServer exist to control which profiles can use the IFS  Consider network segmentation
  • 47. If Infected …  Pull out your incident response plan !  Determine if you’re still under attack or if it’s contained  Determine if you can resolve yourself or need to call in experts  Determine if you need to notify law enforcement  If ransomware, determine if ransom will be paid Quality and availability of your back-ups may determine whether you can recover from a malware attack
  • 48. Real Scenario Dear MsWoodbury, I was forwarded your info. As of last night, we are being held hostage.We've been in touch with the FBI and IBM.We have a ransom note on our servers. I can be reached at xxx-xxx-xxxx - via LinkedIn and Voicemail 48
  • 49. Don’t be Overwhelmed! To give you topics to consider, and once you’ve considered them, evaluate whether you need to make changes - based on your organization’s business requirements - and then take a step - ANY step – to improve security and reduce risk
  • 50. For More Information IBM i Services page  https://www.ibm.com/support/pages/node/1119123  https://gist.github.com/forstie RCAC Redpiece  http://www.redbooks.ibm.com/abstracts/redp5110.html?Open Intrusion Detection  https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzaub/rzaubpdf. pdf?view=kc IBM i Security Reference – PDF https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_74/rzarl/sc415302.pdf?v iew=kc  Chapters 2 and 3 – System Values  Chapter 9 - Auditing  Chapter 10 – Authority Collection IBM i Security Administration and Compliance, 3nd edition, by Carol Woodbury, 2020. 50
  • 52. DXRSecurity Services 1) Annual IBM i Security Analysis Subscription  Includes:  2 Vulnerability Discovery Instances per year  12 hours of assistance per year  Sold per partition/LPAR 2) Vulnerability Discovery  Sold per partition/LPAR 3) Vulnerability Confirmation  Includes:  Testing and validation of vulnerabilities  Understand if compensating controls that are in place actually work  Understand how much access people have to critical files  Similar to a “penetration test” for the IBM i, but far more customized 4) Security Education  Includes:  2 Day Course (virtual or onsite “post Covid”)  Learn Security from an Expert  Sold “per student” plus expenses if onsite
  • 53. Why DXR Security?  Unquestioned Expertise  Carol Woodbury  Former Security Architect and Chief Engineering Manager for Enterpriser Server group at IBM  Only Commercially available book on IBM i Security. “IBM i Security Administration and Compliance”  25+ years in IBM i Security  John Vanderwall  20+ years selling IBM i Security services and software  CEO and VP roles  Doubled size of security services business in 4 years  We are all about “action” – not overwhelming you with huge amounts of information
  • 56. 56 Assure Security addresses the issues on the radar screen of every security officer and IBM i admin Compliance Monitoring Gain visibility into all security activity on your IBM i and optionally feed it to an enterprise console Access Control Ensure comprehensive control of unauthorized access and the ability to trace any activity, suspicious or otherwise Security Risk Assessment Assess your security threats and vulnerabilities Data Privacy Protect the privacy of data at-rest or in-motion to prevent data breaches
  • 57. 57 Choose the full product Choose a feature bundle Or select a specific capability Assure Security Assure Data Privacy Assure Encryption Assure Secure File Transfer Assure Monitoring and Reporting Assure Db2 Data Monitor Assure Access Control Assure System Access Manager Assure Elevated Authority Manager Assure Multi-Factor Authentication Assure Security Risk Assessment Assure Compliance Monitoring
  • 58. Q&A