Protecting Your Business from
Unauthorized Access
Housekeeping
Webcast Audio
• Today’s webcast audio is streamed through your
computer speakers.
• If you need technical assistance with the web
interface or audio, please reach out to us using
the chat window.
Questions Welcome
• Submit your questions at any time during the
presentation using the chat window.
• We will answer them during our Q&A session
following the presentation.
Recording and slides
• This webcast is being recorded. You will receive
an email following the webcast with a link to
download both the recording and the slides.
Agenda
• Why Access Control is Critical
• Multi-Factor Authentication
• Elevated Authority Management
• System Access Management
• How Syncsort Can Help
Why Access Control is
Critical
Key IBM i Security Concepts
▪ The IBM i is not inherently a secure system.
However, it is extremely securable.
▪ Legacy, proprietary protocols now cohabitate with new,
open-source protocols – creating new access point
headaches
▪ The worldwide hacker community has discovered the IBM
i as a high value target. It often hosts the most critical
data in a corporation
▪ Being in compliance does not automatically mean the
system is secure.
Global Security Laws and Regulations
United States
CCPA
PCI DSS
FISMA
GLBA
SOX
State & Federal Laws
GDPR
Canada
PIPEDA
PCI DSS
GDPR
CCPA
United Kingdom
Data Protection Act (DPA)
PCI DSS
GDPR
CCPA
European Union
GDPR
Directive 2002/58/EC
Basel III
PCI DSS
CCPA
Japan
Personal Information-
Protection Law
PCI DSS
GDPR
CCPA
Asia-Pacific
Forum on Privacy & Data
APEC
PCI DSS
GDPR
CCPA
Latin America
PCI DSS
E-commerce Act
Consumer Protection Code
Law for Protection of Private Life
Data Protection Bill
GDPR
CCPA
Multi-Factor
Authentication
• Should we add more complexity to passwords? Not really.
• Why not? Because we write them down!
• Complex passwords increase costs and introduce weaknesses:
• Management is complex
• Management is expensive
• Impacts productivity (re-enabling users, password changes, etc.)
• Reliance on passwords alone puts all your eggs in the same basket!
Complex Password Issues
NIST’s latest Digital Identity Guidelines at
https://pages.nist.gov/800-63-3/
recommend against complex passwords
Multi-Factor Authentication (MFA), sometimes called Two-Factor
Authentication (2FA), uses two or more of the following factors:
• Something you know or a “knowledge factor”
• E.g. user ID, password, PIN, security question
• Something you have or a “possession factor”
• E.g. smartphone, smartcard, token device
• Something you are or an “inherence factor”
• E.g. fingerprint, iris scan, voice recognition
Multi-Factor Authentication
Adds a Layer of Login Security
Typical authentication on IBM i uses 2 items of
the same factor – User ID and password.
This is not multi-factor authentication.
Examples of MFA
A combination of things the user
knows, has or is provides MFA
This is Not MFA
Two things the user knows
and no other factor is not MFA
• Regulations are evolving to require or recommend MFA. Consult the
latest documentation for the regulations that impact your business!
• MFA avoids the risks and costs of:
• Weak passwords
• Complex passwords
• MFA is a good security measure when:
• It is customizable and simple to administer
• End-user adoption is easy
• MFA can support internal strategy and legal requirements
• BYOD (Bring Your Own Device) vs COPE (Corporate Owned,
Personally Enabled)
Passwords alone are insufficient to protect your systems from attack.
Multiple factors are better than one to improve security!
Why Adopt Multi-Factor
Authentication?
Authentication options are methods for transporting an authentication
factor. They can include:
• Email
• Phone call
• Mobile phones
• Push-based authentication
• QR code based authentication
• One-time password authentication (event-based and time-based)
• SMS-based verification (see box)
• Hardware device such as fobs
• USB-based physical tokens
• USB tokens are not allowed in many organizations due to risk of loss,
theft, virus, or malware
• USB tokens are costly and heavy to manage for all users
• Biometric device
Factors must be independent – a factor cannot be used to access
another factor; they should be physically independent
Authentication Options
PCI-DSS version 3.2
• Requires companies to secure all administrative access to the CDE (Cardholder Data Environment) using MFA
• Check document “Multi-Factor Authentication” – February 2017 – Requirement 8.3.
New York Department of Financial Services Cybersecurity Regulation
• 23 NYCRR 500 Section 500.12 (b) states, “Multi-Factor Authentication shall be utilized for any individual accessing
the Covered Entity’s internal networks from an external network, unless the Covered Entity’s CISO has approved
in writing the use of reasonably equivalent or more secure access controls.”
FFIEC (Federal Financial Institutions Examination Council)
• The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk
transactions involving access to customer information or the movement of funds to other parties.
HIPAA
• Doesn't explicitly mention MFA
• Due to password expiration reinforcement and updates to NIST guidance (800-63), MFA becomes a very
reasonable solution to meet HIPAA section 164.312d
Regulatory Requirements for MFA
Elevated Authority Management
What Is Elevated Authority?
• A user’s authorities define what they can do on an IBM i
system, including
• menus they can access
• commands they can run and
• actions they can take
• Elevated authorities are those that give users more
powerful privileges
• Some people may refer to elevated authority
as privileged access
• Having too many powerful users leaves the system and data exposed
• Controlling user authorities is required by regulations such as SOX,
HIPAA, the Federal and North American Information Practice Act,
GDPR and more
• Compliance auditors require that additional authority be granted
only when needed and only for the time required
• Security best practice is for users to only have the authorities
required to do their jobs
• Even administrators should have their actions monitored (separation
of duties) as a best practice
• Outsiders who obtain credentials will attempt to elevate authority
unchecked unless you have control of that process
Why Elevated Authorities
Must be Limited
• Elevated authority should only be granted as needed – and then
revoked
• Manually granting and revoking elevated authority is time
consuming and error prone
• A log of the activities of users with elevated authorities should be
maintained so their actions can be monitored
• Remember that administrators, who have elevated authority, also
need to have their actions monitored
Challenges of Managing
Elevated Authority
“I need to be *SYSOPR for this assignment!”
“I need *ALLOBJ to do my job!”
“Can I have *SPLCTL for my project?”
Regulatory
Requirements
General Data Protection
Regulation (GDPR)
Enforcement date: 25 May 2018
Regulation in European Union law on data
protection and privacy for all individuals
within the European Union (EU) and the
European Economic Area (EEA)
Applies to all organizations doing business
with EU citizens
Aims primarily to provide protection and
control over their personal data to citizens
and residents, including
• Access control
• Sensitive data protection
• Restricted user privileges
• System activity logging
• Risk assessments
New York Dept. of Financial
Services Cybersecurity Regulation
NYS 23 NYCRR 500
Enforcement date: February 15, 2018
Requires banks, insurance companies, and
other financial services institutions to
establish and maintain a cybersecurity
program designed to protect consumers
Ensures the safety and soundness of New
York State's financial services industry.
Requirements protect the confidentiality,
integrity and availability of information
systems, including
• Risk assessments
• Restricted user privileges
• Automatic logouts
• Antivirus
• Multi-factor authentication
• System activity logging
Sarbanes–Oxley Act
Enacted July 30, 2002
United States federal law
Sets requirements for U.S. public companies.
Certain provisions apply to private companies
Requires corporations to assess the
effectiveness of internal controls and report
this assessment annually to the SEC.
Any review of internal controls would not be
complete without addressing controls
around information security including
• Security Policy
• Security Standards
• Access and Authentication
• Network Security
• Monitoring
• Segregation of Duties
Access Control
The IBM i is increasingly connected
• Prior to the 1990s, the IBM i was isolated
• In the 1990s IBM opened up the system to TCP/IP
• The number of ways the system could be accessed grew
• Legacy, proprietary protocols now cohabitate with new, open-
source protocols – creating access point headaches
• The worldwide hacker community now recognizes the IBM i as a
high-value target
4 important levels of access must now be secured
• Network access
• Communication port access
• Database access
• Command access
Why Secure Access Points?
What are exit points and exit programs?
• Exit points and exit programs are powerful tools for access control
• Introduced in 1994 to the AS/400 in V3R1 of the operating system
• Exit points provide “hooks” to invoke one or more user-written
programs—called exit programs—for a variety of OS-related operations
• Exit programs are registered to particular exit points
How can exit points be used?
• Exit programs can allow or deny access based on parameters such as
permissions, date/time, user profile settings, IP addresses, etc.
• Command exit points can allow or deny command execution based on
context and parameters
• Exit programs can also trigger actions such as logging access attempts,
disabling user profiles, sending an alert, etc.
Exit Points and Exit Programs
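An added example, not part of the original slides and not IBM i or Syncsort code: a platform-neutral Python model of the allow/deny decision an exit program makes from user profile, access function, source IP address and time of day, with logging and a simulation mode. The rule names, user profiles and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Request:
    user: str        # user profile making the request
    function: str    # access path, e.g. "FTP", "ODBC", "RMTCMD"
    source_ip: str   # client address as text
    at: time         # local time of the request


@dataclass(frozen=True)
class Rule:
    name: str
    allow: bool
    users: Optional[FrozenSet[str]] = None      # None means any user
    functions: Optional[FrozenSet[str]] = None  # None means any function
    network: Optional[str] = None               # CIDR block, None means any address
    start: time = time.min                      # inclusive time window
    end: time = time.max

    def matches(self, req: Request) -> bool:
        if self.users is not None and req.user.upper() not in self.users:
            return False
        if self.functions is not None and req.function.upper() not in self.functions:
            return False
        if self.network is not None:
            try:
                if ip_address(req.source_ip) not in ip_network(self.network):
                    return False
            except ValueError:
                # An unparseable address never satisfies an address-scoped rule.
                return False
        if self.start <= self.end:
            return self.start <= req.at <= self.end
        # Window wraps midnight, e.g. 22:00 to 02:00.
        return req.at >= self.start or req.at <= self.end


@dataclass(frozen=True)
class Decision:
    allowed: bool     # what the caller enforces
    rule: str         # rule that decided, or "default-deny"
    would_deny: bool  # True when the rules said deny, even if simulation let it pass


LogEntry = Tuple[str, str, str, str, str, bool]


def evaluate(rules: List[Rule], req: Request, log: List[LogEntry],
             simulate: bool = False) -> Decision:
    """First matching rule wins; a request that matches no rule is denied."""
    verdict, decided_by = False, "default-deny"
    for rule in rules:
        if rule.matches(req):
            verdict, decided_by = rule.allow, rule.name
            break
    # Simulation mode records the verdict but never blocks the request.
    allowed = verdict or simulate
    log.append((req.user, req.function, req.source_ip, decided_by,
                "ALLOW" if verdict else "DENY", allowed))
    return Decision(allowed, decided_by, not verdict)


# Constructed rule set: deny rules are listed first so they cannot be shadowed.
RULES = [
    Rule("no-remote-cmd", allow=False, functions=frozenset({"RMTCMD"})),
    Rule("batch-ftp", allow=True, users=frozenset({"FTPBATCH"}),
         functions=frozenset({"FTP"}), network="10.20.0.0/24",
         start=time(22, 0), end=time(2, 0)),
    Rule("odbc-office", allow=True, users=frozenset({"REPORTS"}),
         functions=frozenset({"ODBC"}), network="10.0.0.0/8",
         start=time(8, 0), end=time(18, 0)),
]

if __name__ == "__main__":
    audit: List[LogEntry] = []
    for r in (Request("FTPBATCH", "FTP", "10.20.0.7", time(23, 30)),
              Request("FTPBATCH", "FTP", "10.20.0.7", time(12, 0)),
              Request("SYSADMIN", "RMTCMD", "10.20.0.7", time(9, 0))):
        print(r, evaluate(RULES, r, audit))
```

Running the same rule set with simulate=True shows which requests a new rule would block before it is enforced, because the log still records the DENY verdict.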
Securing
Network Access
Security Challenges
• Network protocols make it possible for
users to connect directly to backend
databases on the IBM i
• Network protocols include FTP, ODBC,
JDBC, DDM, DRDA, NetServer and others
• Without proper controls, the system is
open to hackers or internal users who may
create problems
• Without network controls, it is also
possible to remotely execute commands
(e.g. RCMD or REXEC) via FTP, ODBC and
RMTCMD functions
• SQL statements could also be remotely
executed via ODBC, JDBC and DRDA if not
locked down
How Exit Points Can Help
• IBM i provides dozens of exit points that
cover most network access protocols
• Exit programs can be created and assigned
to these exit points
• Exit programs can control access by a
variety of criteria and monitor and log
activity
• When access is controlled through network
exit programs, only the specific operations
defined by the exit program can occur
• Application Administration provides a partial
solution that can control which users can
access particular network functions, but
does not provide logging and cannot be
controlled via granular rules
Securing
Com Port Access
Security Challenges
• Some network protocols don’t have their
own exit points and can’t be protected in
the same way
• These network protocols include SSH,
SFTP, SMTP and others
• IT teams may also wish to control
communication access in a way network
or other types of exit points cannot (for
example, specifying a port number)
How Exit Points Can Help
• IBM provides socket exit points
• Socket exit programs secure connections by
specific port and/or IP addresses
• Socket exit programs have limits; e.g. fewer
parameters are available to control inbound
connections
• Socket exit points paired with the other
types of exit point access control methods
provide stronger protection
Securing
Database Access
Security Challenges
• Object-level security only goes so far in
controlling access to sensitive data
• Open-source protocols that access data
create particular vulnerabilities
• Open-source protocols include JSON,
Node.js, Python, Ruby and others
• Open-source protocols don’t have their
own exit points
• Without properly securing database
access, data could be viewed or changed
without proper authorization or even
stolen
How Exit Points Can Help
• A powerful exit point called Open Database
File allows exit programs that protect data
from any kind of access
• The exit program can be invoked whenever
a physical file, logical file, SQL table or SQL
view is opened
• The exit program can contain a granular set
of rules that control under what conditions
the file can be accessed and by whom
• The exit program can also be defined to
audit all activity
Securing
Command Access
Security Challenges
• The incorrect use of commands by users
can cause considerable damage (deleting
files, ending processes, or worse)
• Access to commands can be controlled to
some extent through user profiles and
object-level security
• A more refined approach to command
control is often required – especially for
powerful profiles
How Exit Points Can Help
• IBM i provides exit points that cover the
use of commands
• Exit programs can be developed to allow or
disallow access to any command within
very specific circumstances
• Command control can be performed
regardless of whether it is performed
within the IBM i or through network access
• Command exit programs supersede
normal object-level security to provide an
additional, very useful layer of security for
users with powerful authorities
Syncsort Can Help
Assure Security
Assure
Data Privacy
Assure Encryption
Assure Secure File
Transfer
Assure Monitoring
and Reporting
Assure Db2 Data
Monitor
Assure
Access Control
Assure System Access
Manager
Assure Elevated
Authority Manager
Assure Multi-Factor
Authentication
Security Risk
Assessment
Assure Compliance
Monitoring
Assure Access Control
assures comprehensive
control of system and
database access
Assure Multi-Factor
Authentication
Full-featured multi-factor
authentication for IBM i
• Enables you to require two or more
factors for authentication:
• Something the user knows
• Something the user has
• Something the user “is”
• Relies on codes from authentication
services delivered via mobile device,
email, hardware token, etc.
• Enables self-service profile re-
enablement and self-service
password changes
• Supports the Four Eyes Principle for
supervised changes
• RSA certified (See DOC-92160
on RSA’s community site)
Powerful, flexible deployment
options
• Allows multi-factor authentication to
be enabled only for specific users or
situations
• Rules engine makes it easy to
configure when multi-factor
authentication is used
• Supports multiple authenticators
• Free Syncsort authenticator
• RADIUS-based servers
• RSA SecurID (on-prem or cloud)
• Options to initiate from the 5250
signon screen or on-demand
(manually or from a program)
• Options for multi-factor or two-step
authentication
Strengthens login security and
enables compliance
• Adds an authentication layer above
and beyond memorized or written
passwords
• Reduces potential for the cost and
consequences of data theft and
unauthorized access to systems and
applications
• Lowers risk of an unauthorized user
guessing or finding another user’s
password
• Addresses regulatory requirements
and recommendations in PCI DSS 3.2,
NYDFS Cybersecurity Regulation,
Swift Alliance Access, GLBA/FFIEC,
and more
Complete, automated control of
elevated user authorities
• Administrators can manually grant
users' requests or rules can be
configured to manage them
• Define rules for source and target
profiles based on group profiles,
supplemental groups, user list, etc.
• Rules determine the context in which
authority can be granted, such as time
of date, job name, IP address and
more
• *SWAP or *ADOPT methods are
supported to elevate authority
• Handles processes connecting via
ODBC, JDBC, DRDA and FTP
• Monitors elevated users and duration
of elevation from GUI or 5250 displays
• Maintains an audit trail of elevated
activity using job logs, screen
captures, exit points and journals
• An option is available to simply log
user activity without changing
authorities
• Produces alerts on events such as
exceeding authorized time
• Generates reports in a variety of
formats
• Allows integration with ticketing
systems
Enables regulatory compliance and
security best practice
• Generates an audit trail of actions by
elevated profiles for compliance
auditors
• Makes it easy to manage requests for
elevated authority on demand
• Enforces segregation of duties
• Satisfies security officers by reducing
the number of powerful profiles and
maintaining a comprehensive audit trail
• Produces necessary alerts and reports
• Significantly reduces security exposures
caused by human error
• Reduces risk of unauthorized access to
sensitive data
Comprehensive monitoring of
elevated profiles
Assure Elevated
Authority Manager
Assure System
Access Manager
Comprehensive control of external
and internal access
• Network access (FTP, ODBC, JDBC,
OLE DB, DDM, DRDA, NetServer,
etc.)
• Communication port access (using
ports, IP addresses, sockets - covers
SSH, SFTP, SMTP, etc.)
• Database access (open-source
protocols - JSON, Node.js, Python,
Ruby, etc.)
• Command access
Powerful, flexible and easy
to manage
• Easy to use graphical interface
• Standard configuration provided for
out-of-the-box deployment
• Powerful, flexible rules for controlling
access based on conditions such as
date/time, user profile settings, IP
addresses, etc.
• Simulation mode for testing rules
without impact to the users
• Provides alerts and produces reports
• Logs access data for SIEM integration
Secures IBM i systems and enables
regulatory compliance
• Supports regulatory requirements for
SOX, GDPR, PCI-DSS, HIPAA, and others
• Satisfies security officers by securing
access to IBM i systems and data
• Significantly reduces the time and cost
of achieving regulatory compliance
• Enables implementation of security best
practices
• Quickly detects security incidents so
you can efficiently remediate them
• Has low impact on system performance
Expert services are available for
• Security risk assessment
• Quick start services
• Quick check services
• Security update services (hot fixes, PTFs, new releases, etc.)
• System update services (ensuring security solution is properly configured
after system changes to IP addresses, OS versions, etc.)
• Auditor assist (supporting internal or external auditors)
• Managed security services
• A la carte consulting
Leverage the seasoned security experts in Syncsort Global Services!
The Syncsort Services Team
Is Here for You
Q&A
Learn more at
www.syncsort.com/assure-security
Protecting Your Business from Unauthorized IBM i Access

Testjrjnejrvnorno4rno3nrfnfjnrfnournfou3nfou3f
 
Data Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity TrendsData Innovation Summit: Data Integrity Trends
Data Innovation Summit: Data Integrity Trends
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
Optimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAPOptimisez la fonction financière en automatisant vos processus SAP
Optimisez la fonction financière en automatisant vos processus SAP
 
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige InvestitionenSAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
SAPS/4HANA Migration - Transformation-Management + nachhaltige Investitionen
 
Automatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIsAutomatisierte SAP Prozesse mit Hilfe von APIs
Automatisierte SAP Prozesse mit Hilfe von APIs
 
Moving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and PreciselyMoving IBM i Applications to the Cloud with AWS and Precisely
Moving IBM i Applications to the Cloud with AWS and Precisely
 

Recently uploaded

Recently uploaded (20)

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
ODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
Speed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in MinutesSpeed Wins: From Kafka to APIs in Minutes
Speed Wins: From Kafka to APIs in Minutes
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIs
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 

Protecting Your Business from Unauthorized IBM i Access

  • 1. Protecting Your Business from Unauthorized Access
  • 2. Housekeeping
      Webcast Audio
        • Today’s webcast audio is streamed through your computer speakers.
        • If you need technical assistance with the web interface or audio, please reach out to us using the chat window.
      Questions Welcome
        • Submit your questions at any time during the presentation using the chat window.
        • We will answer them during our Q&A session following the presentation.
      Recording and slides
        • This webcast is being recorded. You will receive an email following the webcast with a link to download both the recording and the slides.
  • 3. Agenda
      • Why Access Control is Critical
      • Multi-Factor Authentication
      • Elevated Authority Management
      • System Access Management
      • How Syncsort Can Help
  • 4. Why Access Control is Critical
  • 5. Key IBM i Security Concepts
      ▪ The IBM i is not inherently a secure system. However, it is extremely securable.
      ▪ Legacy, proprietary protocols now cohabitate with new, open-source protocols – creating new access point headaches
      ▪ The worldwide hacker community has discovered the IBM i as a high value target. It often hosts the most critical data in a corporation
      ▪ Being in compliance does not automatically mean the system is secure.
  • 6. Global Security Laws and Regulations
      • United States: CCPA, PCI DSS, FISMA, GLBA, SOX, State & Federal Laws, GDPR
      • Canada: PIPEDA, PCI DSS, GDPR, CCPA
      • United Kingdom: Data Protection Act (DPA), PCI DSS, GDPR, CCPA
      • European Union: GDPR, Directive 2002/58/EC, Basel III, PCI DSS, CCPA
      • Japan: Personal Information Protection Law, PCI DSS, GDPR, CCPA
      • Asia-Pacific: Forum on Privacy & Data, APEC, PCI DSS, GDPR, CCPA
      • Latin America: PCI DSS, E-commerce Act, Consumer Protection Code, Law for Protection of Private Life, Data Protection Bill, GDPR, CCPA
  • 8. Complex Password Issues
      • Should we add more complexity to passwords? Not really.
      • Why not? Because we write them down!
      • Complex passwords increase costs and introduce weaknesses:
          • Management is complex
          • Management is expensive
          • Impacts productivity (re-enabling users, password changes, etc.)
      • Reliance on passwords alone puts all your eggs in the same basket!
      NIST’s latest Digital Identity Guidelines at https://pages.nist.gov/800-63-3/ recommend against complex passwords
  • 9. Multi-Factor Authentication Adds a Layer of Login Security
      Multi-Factor Authentication (MFA), sometimes called Two-Factor Authentication (2FA), uses two or more of the following factors:
      • Something you know or a “knowledge factor”
          • E.g. user ID, password, PIN, security question
      • Something you have or a “possession factor”
          • E.g. smartphone, smartcard, token device
      • Something you are or an “inherence factor”
          • E.g. fingerprint, iris scan, voice recognition
      Typical authentication on IBM i uses 2 items of the same factor – User ID and password. This is not multi-factor authentication.
  • 10. Examples of MFA / This is Not MFA
      • Two things the user knows and no other factor is not MFA
      • A combination of things the user knows, has or is provides MFA
  • 11. Why Adopt Multi-Factor Authentication?
      • Regulations are evolving to require or recommend MFA. Consult the latest documentation for the regulations that impact your business!
      • MFA avoids the risks and costs of:
          • Weak passwords
          • Complex passwords
      • MFA is a good security measure when:
          • It is customizable and simple to administer
          • End-user adoption is easy
      • MFA can support internal strategy and legal requirements
          • BYOD (Bring Your Own Device) vs COPE (Corporate Owned, Personally Enabled)
      Passwords alone are insufficient to protect your systems from attack. Multiple factors are better than one to improve security!
  • 12. Authentication Options
      Authentication options are methods for transporting an authentication factor. They can include:
      • Email
      • Phone call
      • Mobile phones
          • Push-based authentication
          • QR code based authentication
          • One-time password authentication (event-based and time-based)
          • SMS-based verification (see box)
      • Hardware device such as fobs
      • USB-based physical tokens
          • USB tokens are not allowed in many organizations due to risk of loss, theft, virus, or malware
          • USB tokens are costly and heavy to manage for all users
      • Biometric device
      Factors must be independent – a factor cannot be used to access another factor; they should be physically independent
  • 13. Regulatory Requirements for MFA
      PCI-DSS version 3.2
        • Requires companies to secure all administrative access to the CDE (Cardholder Data Environment) using MFA
        • Check document “Multi-Factor Authentication” – February 2017 – Requirement 8.3.
      New York Department of Financial Services Cybersecurity Regulation
        • 23 NYCRR 500 Section 500.12 (b) states, “Multi-Factor Authentication shall be utilized for any individual accessing the Covered Entity’s internal networks from an external network, unless the Covered Entity’s CISO has approved in writing the use of reasonably equivalent or more secure access controls.”
      FFIEC (Federal Financial Institutions Examination Council)
        • The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties.
      HIPAA
        • Doesn't explicitly mention MFA
        • Due to password expiration reinforcement and updates to NIST guidance (800-63), MFA becomes a very reasonable solution to meet HIPAA section 164.312d
  • 15. What Is Elevated Authority?
      • A user’s authorities define what they can do on an IBM i system, including
          • menus they can access
          • commands they can run and
          • actions they can take
      • Elevated authorities are those that give users more powerful privileges
      • Some people may refer to elevated authority as privileged access
  • 16. Why Elevated Authorities Must be Limited
      • Having too many powerful users leaves the system and data exposed
      • Controlling user authorities is required by regulations such as SOX, HIPAA, the Federal and North American Information Practice Act, GDPR and more
      • Compliance auditors require that additional authority be granted only when needed and only for the time required
      • Security best practice is for users to only have the authorities required to do their jobs
      • Even administrators should have their actions monitored (separation of duties) as a best practice
      • Outsiders who obtain credentials will attempt to elevate authority unchecked unless you have control of that process
  • 17. Challenges of Managing Elevated Authority
      • Elevated authority should only be granted as needed – and then revoked
      • Manually granting and revoking elevated authority is time consuming and error prone
      • A log of the activities of users with elevated authorities should be maintained so their actions can be monitored
      • Remember that administrators, who have elevated authority, also need to have their actions monitored
      I need to be *SYSOPR for this assignment!
      I need *ALLOBJ to do my job!
      Can I have *SPLCTL for my project?
  • 18. Regulatory Requirements
      General Data Protection Regulation (GDPR)
        Enforcement date: 25 May 2018
        Regulation in European Union law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA)
        Applies to all organizations doing business with EU citizens
        Aims primarily to provide protection and control over their personal data to citizens and residents, including
          • Access control
          • Sensitive data protection
          • Restricted user privileges
          • System activity logging
          • Risk assessments
      New York Dept. of Financial Services Cybersecurity Regulation NYS 23 NYCRR 500
        Enforcement date: February 15, 2018
        Requires banks, insurance companies, and other financial services institutions to establish and maintain a cybersecurity program designed to protect consumers
        Ensures the safety and soundness of New York State's financial services industry.
        Requirements protect the confidentiality, integrity and availability of information systems, including
          • Risk assessments
          • Restricted user privileges
          • Automatic logouts
          • Antivirus
          • Multi-factor authentication
          • System activity logging
      Sarbanes–Oxley Act
        Enacted July 30, 2002
        United States federal law
        Sets requirements for U.S. public companies. Certain provisions apply to private companies
        Requires corporates to assess the effectiveness of internal controls and report this assessment annually to the SEC.
        Any review of internal controls would not be complete without addressing controls around information security including
          • Security Policy
          • Security Standards
          • Access and Authentication
          • Network Security
          • Monitoring
          • Segregation of Duties
  • 20. Why Secure Access Points?
      The IBM i is increasingly connected
        • Prior to the 1990s, the IBM i was isolated
        • In the 1990s IBM opened up the system to TCP/IP
        • The numbers of ways the system could be accessed grew
        • Legacy, proprietary protocols now cohabitate with new, open-source protocols – creating access point headaches
        • The worldwide hacker community now recognizes the IBM i as a high-value target
      4 important levels of access must now be secured
        • Network access
        • Communication port access
        • Database access
        • Command access
  • 21. Exit Points and Exit Programs
      What are exit points and exit programs?
        • Exit points and exit programs are powerful tools for access control
        • Introduced in 1994 to the AS/400 in V3R1 of the operating system
        • Exit points provide “hooks” to invoke one or more user-written programs—called exit programs—for a variety of OS-related operations
        • Exit programs are registered to particular exit points
      How can exit points be used?
        • Exit programs can allow or deny access based on parameters such as permissions, date/time, user profile settings, IP addresses, etc.
        • Command exit points can allow or deny command execution based on context and parameters
        • Exit programs can also trigger actions such as logging access attempts, disabling user profiles, sending an alert, etc.
  • 22. Securing Network Access
      Security Challenges
        • Network protocols make it possible for users to connect directly to backend databases on the IBM i
        • Network protocols include FTP, ODBC, JDBC, DDM, DRDA, NetServer and others
        • Without proper controls, the system is open to hackers or internal users who may create problems
        • Without network controls, it is also possible to remotely execute commands (e.g. RCMD or REXEC) via FTP, ODBC and RMTCMD functions
        • SQL statements could also be remotely executed via ODBC, JDBC and DRDA if not locked down
      How Exit Points Can Help
        • IBM i provides dozens of exit points that cover most network access protocols
        • Exit programs can be created and assigned to these exit points
        • Exit programs can control access by a variety of criteria and monitor and log activity
        • When access is controlled through network exit programs, only the specific operations defined by the exit program can occur
        • Application Administration provides a partial solution that can control which users can access particular network functions, but does not provide logging and cannot be controlled via granular rules
  • 23. Securing Com Port Access
      Security Challenges
        • Some network protocols don’t have their own exit points and can’t be protected in the same way
        • These network protocols include SSH, SFTP, SMTP and others
        • IT teams may also wish to control communication access in a way network or other types of exit points cannot (for example, specifying a port number)
      How Exit Points Can Help
        • IBM provides socket exit points
        • Socket exit programs secure connections by specific port and/or IP addresses
        • Socket exit programs have limits; e.g. fewer parameters are available to control inbound connection
        • Socket exit points paired with the other types of exit point access control methods provide stronger protection
  • 24. Securing Database Access
      Security Challenges
        • Object-level security only goes so far in controlling access to sensitive data
        • Open-source protocols that access data create particular vulnerabilities
        • Open-source protocols include JSON, Node.js, Python, Ruby and others
        • Open-source protocols don’t have their own exit points
        • Without properly securing database access, data could be viewed or changed without proper authorization or even stolen
      How Exit Points Can Help
        • A powerful exit point called Open Database File allows exit programs that protect data from any kind of access
        • The exit program can be invoked whenever a physical file, logical file, SQL table or SQL view is opened
        • The exit program can contain a granular set of rules that control under what conditions the file can be accessed and by whom
        • The exit program can also be defined to audit all activity
  • 25. Securing Command Access
      Security Challenges
        • The incorrect use of commands by users can cause considerable damage (deleting files, ending processes, or worse)
        • Access to commands can be controlled to some extent through user profiles and object-level security
        • A more refined approach to command control is often required – especially for powerful profiles
      How Exit Points Can Help
        • IBM i provides exit points that cover the use of commands
        • Exit programs can be developed to allow or disallow access to any command within very specific circumstances
        • Command control can be performed regardless of whether it is performed within the IBM i or through network access
        • Command exit programs supersede normal object-level security to provide an additional, very useful layer of security for users with powerful authorities
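Slides 21 to 25 describe exit programs that allow or deny a request by user profile, IP address and date/time and that log every attempt. The following added example models that decision logic in Python; it is not an IBM i exit program interface and not code from the deck or any Assure product. The rule fields, first-match-wins ordering, default deny, the `simulate` switch and the ETLSVC and OPSUSER profiles are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time

ANY = "*"


@dataclass(frozen=True)
class Request:
    service: str        # access path label, e.g. "FTP", "ODBC", "SSH"
    user: str           # user profile making the request
    source_ip: str
    operation: str      # what is being attempted; kept for the log record
    when: datetime


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "ALLOW" or "DENY"
    services: frozenset
    users: frozenset                             # ANY matches every profile
    networks: tuple                              # CIDR strings
    weekdays: frozenset = frozenset(range(7))    # 0 = Monday
    start: time = time.min
    end: time = time.max

    def matches(self, req, ip):
        return (req.service.upper() in self.services
                and (ANY in self.users or req.user.upper() in self.users)
                and any(ip in ipaddress.ip_network(n) for n in self.networks)
                and req.when.weekday() in self.weekdays
                and self.start <= req.when.time() <= self.end)


class AccessPolicy:
    """First matching rule wins; a request that matches no rule is denied."""

    def __init__(self, rules, simulate=False):
        self.rules = list(rules)
        self.simulate = simulate     # log the verdict but let the request through
        self.log = []                # one record per decision, ready to forward

    def decide(self, req):
        try:
            ip = ipaddress.ip_address(req.source_ip)
        except ValueError:
            ip = None
        if ip is None:
            rule, verdict = "invalid-source", "DENY"
        else:
            hit = next((r for r in self.rules if r.matches(req, ip)), None)
            rule, verdict = (hit.name, hit.action) if hit else ("default-deny", "DENY")
        allowed = self.simulate or verdict == "ALLOW"
        self.log.append({
            "time": req.when.isoformat(), "service": req.service, "user": req.user,
            "source_ip": req.source_ip, "operation": req.operation, "rule": rule,
            "verdict": verdict, "enforced": not self.simulate, "allowed": allowed,
        })
        return allowed


def sample_rules():
    """Constructed rule set; the networks and the ETLSVC/OPSUSER profiles are invented."""
    everywhere = ("0.0.0.0/0",)
    return [
        # Keep the security officer profile off remote data and file protocols.
        Rule("deny-powerful-remote", "DENY",
             frozenset({"FTP", "ODBC", "JDBC", "DDM"}), frozenset({"QSECOFR"}), everywhere),
        # Batch extract account: one subnet, weekdays, 01:00 to 05:00 only.
        Rule("allow-etl-odbc", "ALLOW", frozenset({"ODBC"}), frozenset({"ETLSVC"}),
             ("10.20.0.0/24",), weekdays=frozenset(range(5)),
             start=time(1, 0), end=time(5, 0)),
        Rule("allow-ops-ftp", "ALLOW", frozenset({"FTP"}), frozenset({"OPSUSER"}),
             ("10.20.5.0/24",)),
    ]


if __name__ == "__main__":
    policy = AccessPolicy(sample_rules())
    monday_0230 = datetime(2024, 5, 6, 2, 30)
    for req in (Request("ODBC", "ETLSVC", "10.20.0.15", "SELECT", monday_0230),
                Request("FTP", "QSECOFR", "10.20.5.9", "GET", monday_0230),
                Request("FTP", "OPSUSER", "203.0.113.7", "PUT", monday_0230)):
        print(policy.decide(req), policy.log[-1]["rule"])
```

Running the same rules with `simulate=True` records what would have been denied without blocking anyone, which is how a rule set can be tested before enforcement.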
  • 27. Assure Security
      • Assure Data Privacy
      • Assure Encryption
      • Assure Secure File Transfer
      • Assure Monitoring and Reporting
      • Assure Db2 Data Monitor
      • Assure Access Control
      • Assure System Access Manager
      • Assure Elevated Authority Manager
      • Assure Multi-Factor Authentication
      • Security Risk Assessment
      • Assure Compliance Monitoring
      Assure Access Control assures comprehensive control of system and database access
  • 28. Assure Multi-Factor Authentication
      Full-featured multi-factor authentication for IBM i
        • Enables you to require two or more factors for authentication:
            • Something the user knows
            • Something the user has
            • Something the user “is”
        • Relies on codes from authentication services delivered via mobile device, email, hardware token, etc.
        • Enables self-service profile re-enablement and self-service password changes
        • Supports the Four Eyes Principle for supervised changes
        • RSA certified (See DOC-92160 on RSA’s community site)
      Powerful, flexible deployment options
        • Allows multi-factor authentication to be enabled only for specific users or situations
        • Rules engine makes it easy to configure when multi-factor authentication is used
        • Supports multiple authenticators
            • Free Syncsort authenticator
            • RADIUS-based servers
            • RSA SecurID (on-prem or cloud)
        • Options to initiate from the 5250 signon screen or on-demand (manually or from a program)
        • Options for multi-factor or two-step authentication
      Strengthens login security and enables compliance
        • Adds an authentication layer above and beyond memorized or written passwords
        • Reduces potential for the cost and consequences of data theft and unauthorized access to systems and applications
        • Lowers risk of an unauthorized user guessing or finding another user’s password
        • Addresses regulatory requirements and recommendations in PCI DSS 3.2, NYDFS Cybersecurity Regulation, Swift Alliance Access, GLBA/FFIEC, and more
  • 29. Assure Elevated Authority Manager
      Complete, automated control of elevated user authorities
        • Administrators can manually grant users’ requests or rules can be configured to manage them
        • Define rules for source and target profiles based on group profiles, supplemental groups, user list, etc.
        • Rules determine the context in which authority can be granted, such as time of date, job name, IP address and more
        • *SWAP or *ADOPT methods are supported to elevate authority
        • Handles processes connecting via ODBC, JDBC, DRDA and FTP
      Comprehensive monitoring of elevated profiles
        • Monitors elevated users and duration of elevation from GUI or 5250 displays
        • Maintains an audit trail of elevated activity using job logs, screen captures, exit points and journals
        • An option is available to simply log user activity without changing authorities
        • Produces alerts on events such as exceeding authorized time
        • Generates reports in a variety of formats
        • Allows integration with ticketing systems
      Enables regulatory compliance and security best practice
        • Generates an audit trail of actions by elevated profiles for compliance auditors
        • Makes it easy to manage requests for elevated authority on demand
        • Enforces segregation of duties
        • Satisfies security officers by reducing the number of powerful profiles and maintaining a comprehensive audit trail
        • Produces necessary alerts and reports
        • Significantly reduces security exposures caused by human error
        • Reduces risk of unauthorized access to sensitive data
  • 30. Assure System Access Manager
      Comprehensive control of external and internal access
        • Network access (FTP, ODBC, JDBC, OLE DB, DDM, DRDA, NetServer, etc.)
        • Communication port access (using ports, IP addresses, sockets - covers SSH, SFTP, SMTP, etc.)
        • Database access (open-source protocols - JSON, Node.js, Python, Ruby, etc.)
        • Command access
      Powerful, flexible and easy to manage
        • Easy to use graphical interface
        • Standard configuration provided for out-of-the-box deployment
        • Powerful, flexible rules for controlling access based on conditions such as date/time, user profile settings, IP addresses, etc.
        • Simulation mode for testing rules without impact to the users
        • Provides alerts and produces reports
        • Logs access data for SIEM integration
      Secures IBM i systems and enables regulatory compliance
        • Supports regulatory requirements for SOX, GDPR, PCI-DSS, HIPAA, and others
        • Satisfies security officers by securing access to IBM i systems and data
        • Significantly reduces the time and cost of achieving regulatory compliance
        • Enables implementation of security best practices
        • Quickly detects security incidents so you can efficiently remediate them
        • Has low impact on system performance
  • 31. The Syncsort Services Team Is Here for You
      Leverage the seasoned security experts in Syncsort Global Services!
      Expert services are available for
        • Security risk assessment
        • Quick start services
        • Quick check services
        • Security update services (hot fixes, PTFs, new releases, etc.)
        • System update services (ensuring security solution is properly configured after system changes to IP addresses, OS versions, etc.)
        • Auditor assist (supporting internal or external auditors)
        • Managed security services
        • A la carte consulting