WELCOME

MAY 1, 2013
Robin Tatam, Director of Security Technologies
Today’s Agenda

• Introductions
• Regulations on IBM i
• Conducting The Study
• The State of IBM i Security Study
• Resources for Security Officers
• Questions and Answers
Today’s Speaker

ROBIN TATAM
Director of Security Technologies
952-563-2768
robin.tatam@powertech.com
About PowerTech

• Premier Provider of Security Solutions & Services
  – 16 years in the security industry as an established thought leader
  – Customers in over 70 countries, representing every industry
  – Security Subject Matter Expert for COMMON
• IBM Advanced Business Partner
• Member of PCI Security Standards Council
• Authorized by NASBA to issue CPE Credits for Security Education
• Publisher of the Annual “State of IBM i Security” Report
Why Do I Need To Audit?

• Legislation, such as Sarbanes-Oxley (SOX), HIPAA, GLBA, State Privacy Acts
• Industry Regulations, such as Payment Card Industry (PCI DSS)
• Internal Activity Tracking
• High Availability
• Application Research & Debugging
Which Standards Do I Audit Against?

• Is there a company Security Policy? (We’ve got one to help you get started)
• Guidelines and Standards
  – COBIT
  – ISO 27002 (formerly known as 17799)
  – ITIL
IT Controls—An Auditor’s Perspective

• Can users perform functions/activities that are in conflict with their job responsibilities?
• Can users modify/corrupt application data?
• Can users circumvent controls to initiate/record unauthorized transactions?
• Can users engage in fraud and cover their tracks?
The Auditor’s Credo…

Of course I believe you!
(But you still have to prove it to me)
Purpose Of The Study

• Help IT managers and auditors understand IBM i security exposures
• Focus on top areas of concern in meeting regulatory compliance
• Help IT develop strategic plans to address—or confirm—high risk vulnerabilities
How We Collect The Data

• PowerTech Compliance Assessment
  – Launched from a PC
  – Collects security data
  – Data for the study is anonymous
• Companies are self-selected
  – More, or less, security-aware?
• Study first published in 2003
  – Over 1,700 participants since inception

Schedule your Compliance Assessment at www.PowerTech.com
Be A Part of the Study!

[Diagram: the assessment runs from YOUR PC, collects data from YOUR IBM i SERVER and reports YOUR VULNERABILITIES]

(Participation in the Security Study is optional)
What the assessment reviews:

• A simple summary provides auditors and executives with visual indicators
• The IBM i exit point registry is reviewed to see whether network events (such as FTP and ODBC) are audited or controlled
• *PUBLIC authority levels on application libraries are interrogated
• Statistics are retrieved on profile metrics, such as any profiles with default passwords
• The system values that impact security are reviewed
• Whether auditing is active, and what types of audit events are being logged, is verified
• The number of users with Special Authorities (admin privileges) is determined
Six Major Areas of Review

• System auditing
• Privileged users
• User and password management
• Data access
• Network access control
• System security values
State of IBM i Security—Overall

Assessed 101 different systems. A total of:
– 109,251 Users
– 43,104 Libraries

On average, per assessed system there were:
– 1,082 Users
– 427 Libraries
[Charts: overall results]

WARNING: September 30 will be here SOON!
QSECURITY (System Security Level)

[Chart: number of systems at each QSECURITY value]

System Security Level Historically

[Chart]

What Does IBM Say About Security Level 30?

[Slide image. IBM’s Security Reference recommends level 40 or higher: level 30 provides resource security, but not the integrity protection that levels 40 and 50 add.]
Using QAUDJRN?

[Chart: systems using the IBM i audit journal (QAUDJRN)]

Audit Settings Historically

[Chart: systems using the audit journal, 2010–2012]
Top 10 “Invalid Sign-On Attempts” Found

2010: 1,000,000+
2011: 789,962
2012: 154,404

Top 10 counts against a single profile:

 1) 567,772
 2) 211,631
 3) 161,427
 4) 147,918
 5)  28,078
 6)  23,183
 7)  19,201
 8)  12,921
 9)   8,333
10)   7,729

But there was one that even shocked us!

6.9 million... All undetected!
What should I look for?

What Good Is Audit Journal Data?

• Too much data
• Too many places to look
• Manual reporting processes
• Audit and IT get locked in a request/respond cycle

Is Anyone Paying Attention?

88% of systems were logging audit data but only 27% of those had a recognized auditing tool installed.

Over 6.9 million invalid sign-on attempts against a single profile!
– Would you be more concerned if you knew it was the QSECOFR profile?
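What “paying attention” to that audit data looks like in practice: the following is an added example, not code from the deck or from PowerTech. It aggregates the PW (sign-on failure) entries that QAUDJRN writes and checks them against the sign-on system values. The journal entries are constructed and reduced to (user, reason code, remote address) rather than the full journal layout; both system-value sets are constructed too; the 100-attempt threshold is an arbitrary choice. Two facts it relies on come from the IBM i Security Reference: PW entries are written only when QAUDCTL includes *AUDLVL and QAUDLVL includes *AUTFAIL, and QMAXSGNACN(1) varies off the device without disabling the profile.

```python
"""Triage of QAUDJRN PW (sign-on failure) entries against sign-on system values.

Added example, not code from the original deck. Journal entries and system
values below are constructed; the PW reason codes and the system-value
semantics are from the IBM i Security Reference.
"""
from collections import Counter

# PW entry reason codes used here (a subset of the documented list).
PW_REASON = {"P": "password not valid", "U": "user name not valid"}

# QMAXSGNACN: action taken when QMAXSIGN consecutive failures are reached.
QMAXSGNACN_MEANING = {
    1: "vary off the device only (profile stays enabled)",
    2: "disable the user profile only",
    3: "vary off the device and disable the user profile",
}

# Constructed system-value sets, as DSPSYSVAL would show them.
WEAK_SYSVALS = {
    "QAUDCTL": ["*NONE"],                   # nothing is written to QAUDJRN...
    "QAUDLVL": ["*AUTFAIL", "*SECURITY"],   # ...even though QAUDLVL looks fine
    "QMAXSIGN": "*NOMAX",
    "QMAXSGNACN": 1,
}
HARDENED_SYSVALS = {
    "QAUDCTL": ["*AUDLVL", "*OBJAUD", "*NOQTEMP"],
    "QAUDLVL": ["*AUTFAIL", "*SECURITY", "*PGMFAIL"],
    "QMAXSIGN": 3,
    "QMAXSGNACN": 3,
}


def constructed_pw_entries():
    """Constructed sample: (user, reason code, remote address). Not real data."""
    entries = [("QSECOFR", "P", "10.0.0.23")] * 250                  # sustained guessing
    entries += [("CLERK1", "P", "10.0.0.50")] * 4                    # ordinary typos
    entries += [(f"TEST{i}", "U", "10.0.0.23") for i in range(12)]  # user enumeration
    return entries


def signon_failures_are_audited(sysvals):
    """PW entries exist only if QAUDCTL has *AUDLVL and QAUDLVL has *AUTFAIL."""
    return "*AUDLVL" in sysvals["QAUDCTL"] and "*AUTFAIL" in sysvals["QAUDLVL"]


def summarize(entries):
    """Invalid-password counts per profile and per source, plus unknown-user count."""
    return {
        "by_user": Counter(user for user, reason, _ in entries if reason == "P"),
        "by_source": Counter(src for _, _, src in entries),
        "unknown_user_attempts": sum(1 for _, reason, _ in entries if reason == "U"),
    }


def alerts(summary, sysvals, privileged, min_attempts=100):
    """Findings an auditor would want to see, as plain strings (most severe first)."""
    out = []
    if not signon_failures_are_audited(sysvals):
        out.append("QAUDCTL/QAUDLVL as configured would not journal sign-on failures")
    if sysvals["QMAXSIGN"] == "*NOMAX":
        out.append("QMAXSIGN(*NOMAX): unlimited guesses are allowed")
    if sysvals["QMAXSGNACN"] == 1:
        out.append("QMAXSGNACN(1): " + QMAXSGNACN_MEANING[1]
                   + ", so guessing can simply continue")
    for user, n in summary["by_user"].most_common():
        if n >= min_attempts or user in privileged:
            tag = " (privileged profile)" if user in privileged else ""
            out.append(f"{user}: {n} invalid password attempts{tag}")
    for src, n in summary["by_source"].most_common(3):
        if n >= min_attempts:
            out.append(f"{src}: {n} sign-on failures from one address")
    if summary["unknown_user_attempts"]:
        out.append(f"{summary['unknown_user_attempts']} attempts with user names that do not exist")
    return out


if __name__ == "__main__":
    summary = summarize(constructed_pw_entries())
    for label, sysvals in (("weak", WEAK_SYSVALS), ("hardened", HARDENED_SYSVALS)):
        print(f"--- {label} system values ---")
        for line in alerts(summary, sysvals, privileged={"QSECOFR"}):
            print(" ", line)
```

The point of the QAUDCTL check is the trap the 88%/27% figures hint at: a system can have a perfectly good QAUDLVL and still log nothing, because QAUDCTL(*NONE) switches auditing off entirely. On a real system the entries come from DSPJRN against QAUDJRN with ENTTYP(PW), or the QASYPWJ5 outfile; everything after that is the same aggregation.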
Library Authority

• The only library authority that keeps users out is *EXCLUDE
• A policy of “Least Privilege” calls for *PUBLIC to be excluded and then authorized users granted the appropriate access
• You can (potentially) delete objects with only *USE authority to the library: deleting needs only *EXECUTE on the library (which *USE includes) plus *OBJEXIST on the object itself
[Chart: *PUBLIC authority on application libraries]

Library Authority—Historically

[Chart]

When New Objects Are Created

[Chart: default create authority (CRTAUT) by library]
Network Access Control

Many IBM i applications rely on menu security because:
– It’s easy to build
– It’s the legacy of many existing business applications

Menu security design assumes:
– Access always originates via the menus
– No user has command line access
– Users have no access to SQL-based tools

Menu security is often accompanied by:
– Users being members of the group that owns the objects
– *PUBLIC being granted broad (*CHANGE) access to data
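The Library Authority points above (only *EXCLUDE keeps *PUBLIC out; *USE on the library still permits a delete) and the menu-security pattern just described (*PUBLIC *CHANGE on the data, users in the owning group) can both be checked with a small model of how IBM i resolves authority. The following is an added example, not code from the deck or from PowerTech. The composition of *USE, *CHANGE and *ALL and the library/object authorities an operation needs follow the IBM i Security Reference; the resolution order is simplified (*ALLOBJ, then a private authority, then the combined group authorities, then *PUBLIC; no authorization lists, adopted authority or CRTAUT, and an object with no entry is assumed *PUBLIC *EXCLUDE); the profile, library and file names are constructed.

```python
"""Simplified model of IBM i object authority resolution.

Added example, not code from the original deck. Authority-level composition
and per-operation requirements follow the IBM i Security Reference; the
resolution order is simplified (no authorization lists, adopted authority or
CRTAUT) and the snapshot below is constructed, not real data.
"""

# Specific authorities granted by each authority level. *EXCLUDE grants none.
AUTHORITY_LEVELS = {
    "*EXCLUDE": frozenset(),
    "*USE": frozenset({"*OBJOPR", "*READ", "*EXECUTE"}),
    "*CHANGE": frozenset({"*OBJOPR", "*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"}),
    "*ALL": frozenset({"*OBJOPR", "*OBJMGT", "*OBJEXIST", "*OBJALTER", "*OBJREF",
                       "*READ", "*ADD", "*UPD", "*DLT", "*EXECUTE"}),
}

# (authority needed on the library, authority needed on the object).
# Deleting a file needs *EXECUTE on the library (part of *USE) and *OBJEXIST on
# the file, which is why *USE on a library does not stop deletions.
OPERATIONS = {
    "read": ("*EXECUTE", "*READ"),
    "update": ("*EXECUTE", "*UPD"),
    "delete": ("*EXECUTE", "*OBJEXIST"),
}

# Constructed snapshot. Libraries are themselves objects in QSYS, so the
# authority on library PAYLIB is keyed ("QSYS", "PAYLIB"). Values map a
# profile (or *PUBLIC) to its authority level.
SNAPSHOT = {
    "users": {
        "QSECOFR": {"groups": [], "special_authorities": {"*ALLOBJ", "*SECADM"}},
        "CLERK1": {"groups": ["APPGRP"], "special_authorities": set()},
        "TEMP9": {"groups": [], "special_authorities": set()},
    },
    "authorities": {
        ("QSYS", "PAYLIB"): {"*PUBLIC": "*USE"},                         # library left open
        ("PAYLIB", "PAYROLL"): {"*PUBLIC": "*CHANGE", "APPGRP": "*ALL"},  # menu-security pattern
        ("QSYS", "HRLIB"): {"*PUBLIC": "*EXCLUDE", "HRGRP": "*USE"},      # least privilege
        ("HRLIB", "EMPMASTER"): {"*PUBLIC": "*USE"},
    },
}


def effective_authorities(snapshot, user, library, obj):
    """Specific authorities `user` holds on `obj` in `library`.

    Order (simplified from the Security Reference): *ALLOBJ grants everything;
    else a private authority for the user wins; else the authorities of all of
    the user's groups are combined; else *PUBLIC. An object with no entry is
    treated as *PUBLIC *EXCLUDE (an assumption of this model).
    """
    profile = snapshot["users"][user]
    if "*ALLOBJ" in profile["special_authorities"]:
        return AUTHORITY_LEVELS["*ALL"]
    acl = snapshot["authorities"].get((library, obj), {})
    if user in acl:
        return AUTHORITY_LEVELS[acl[user]]
    from_groups = [AUTHORITY_LEVELS[acl[g]] for g in profile["groups"] if g in acl]
    if from_groups:
        return frozenset().union(*from_groups)
    return AUTHORITY_LEVELS[acl.get("*PUBLIC", "*EXCLUDE")]


def can_perform(snapshot, user, library, obj, operation):
    """True if `user` can perform `operation` on library/obj."""
    lib_needed, obj_needed = OPERATIONS[operation]
    lib_auth = effective_authorities(snapshot, user, "QSYS", library)
    obj_auth = effective_authorities(snapshot, user, library, obj)
    return lib_needed in lib_auth and obj_needed in obj_auth


def libraries_open_to_public(snapshot):
    """Libraries whose *PUBLIC authority is anything other than *EXCLUDE."""
    return sorted(
        name
        for (schema, name), acl in snapshot["authorities"].items()
        if schema == "QSYS" and acl.get("*PUBLIC", "*EXCLUDE") != "*EXCLUDE"
    )


if __name__ == "__main__":
    checks = [
        ("CLERK1", "PAYLIB", "PAYROLL", "delete"),   # *USE on library, *ALL via group
        ("TEMP9", "PAYLIB", "PAYROLL", "update"),    # no private authority, *PUBLIC *CHANGE
        ("TEMP9", "PAYLIB", "PAYROLL", "delete"),    # *CHANGE lacks *OBJEXIST
        ("TEMP9", "HRLIB", "EMPMASTER", "read"),     # stopped at the library
        ("QSECOFR", "HRLIB", "EMPMASTER", "delete"),
    ]
    for user, lib, obj, op in checks:
        print(f"{user:8} {op:6} {lib}/{obj}: {can_perform(SNAPSHOT, user, lib, obj, op)}")
    print("Libraries not excluded from *PUBLIC:", libraries_open_to_public(SNAPSHOT))
```

Walking the checks: CLERK1 holds only *USE on PAYLIB but *ALL on PAYROLL through the group, so the delete succeeds; TEMP9 has no private or group authority at all, yet *PUBLIC *CHANGE lets it update the payroll file from any ODBC client, which is exactly what the menu never showed it; HRLIB, with *PUBLIC *EXCLUDE, stops TEMP9 before the file’s own authority is even consulted.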
ODBC isn’t rocket science anymore: any user with a profile and *PUBLIC *CHANGE on the data can read and update it from a PC, with no menu involved.

Are These Services Running?

[Chart: network services found active]

Exit Program Coverage

[Chart: exit points with an exit program registered]
Administrator Privileges

Special Authority (aka Privileges):

• *ALLOBJ (All Object): the “gold key” to every object, and almost every administrative operation on the system, including unstoppable data access
• *SECADM (Security Administration): enables a user to create and maintain the system user profiles without requiring the user to be in the *SECOFR user class or giving *ALLOBJ authority
• *IOSYSCFG (I/O Systems Configuration): allows the user to create, delete, and manage devices, lines, and controllers. Also permits the configuration of TCP/IP, and the start of associated servers (e.g., HTTP)
• *AUDIT (Audit): the user is permitted to manage all aspects of auditing, including setting the audit system values and running the audit commands (CHGOBJAUD / CHGUSRAUD)
• *SPLCTL (Spool Control): this is the *ALLOBJ of spooled files. Allows a user to view/delete/hold/release any spooled file in any output queue, regardless of restrictions
• *SERVICE (Service): allows a user to start System Service Tools (SST); since V5R1 a separate service tools user ID and password is also required
• *JOBCTL (Job Control): enables a user to start/end subsystems and manipulate other users’ jobs. Also provides access to spooled files in output queues designated as “operator control”
• *SAVSYS (Save System): enables a user to perform save/restore operations on any object on the system, even if there is insufficient authority to use the object. Be cautious if securing objects at only a library level: the object can be saved and restored into a library the user does control
[Chart: number of profiles holding each special authority]

Best Practices call for <10 users with SPCAUTs
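A check of the “fewer than 10 users with special authorities” benchmark, with the related profile findings from the study (command-line access and inactive profiles) in the same pass. This is an added example, not code from the deck or from PowerTech. The columns are modelled on QSYS2.USER_INFO (the same data comes from DSPUSRPRF with OUTPUT(*OUTFILE)); the profiles and the 90-day inactivity window are constructed for illustration. One detail matters for the count: IBM i gives a user its group profile’s special authorities, so a profile with nothing in its own SPCAUT can still be *ALLOBJ through its group.

```python
"""Review of user-profile settings against the deck's benchmarks.

Added example, not code from the original deck. Columns are modelled on
QSYS2.USER_INFO / DSPUSRPRF *OUTFILE; the profiles are constructed, not real.
"""
from datetime import date
from typing import NamedTuple, Optional


class Profile(NamedTuple):
    name: str
    status: str                 # *ENABLED / *DISABLED
    special_authorities: str    # space-separated, as in USER_INFO.SPECIAL_AUTHORITIES
    group: Optional[str]        # group profile (GRPPRF)
    limit_capabilities: str     # LMTCPB: *YES, *PARTIAL or *NO
    previous_signon: Optional[date]
    has_password: bool          # False for PASSWORD(*NONE)


ALL_SPCAUT = "*ALLOBJ *SECADM *IOSYSCFG *AUDIT *SPLCTL *SERVICE *JOBCTL *SAVSYS"

# Constructed snapshot as of the deck's date.
AS_OF = date(2013, 5, 1)
PROFILES = [
    Profile("QSECOFR", "*ENABLED", ALL_SPCAUT, None, "*NO", date(2013, 4, 30), True),
    Profile("SECADM1", "*ENABLED", "*SECADM *AUDIT", None, "*NO", date(2013, 4, 29), True),
    Profile("OPER1", "*ENABLED", "*JOBCTL *SPLCTL *SAVSYS", None, "*NO", date(2013, 4, 30), True),
    # Application owner used as a group profile: PASSWORD(*NONE) but *ALLOBJ.
    Profile("APPOWNER", "*ENABLED", "*ALLOBJ", None, "*YES", None, False),
    Profile("TEMP9", "*ENABLED", "", None, "*NO", date(2012, 1, 10), True),
    Profile("VENDOR1", "*ENABLED", "*ALLOBJ *IOSYSCFG", None, "*NO", None, True),
] + [
    # Eight clerks with no special authority of their own, all in group APPOWNER.
    Profile(f"CLERK{i}", "*ENABLED", "", "APPOWNER",
            {3: "*NO", 7: "*PARTIAL"}.get(i, "*YES"), date(2013, 4, 30), True)
    for i in range(1, 9)
]


def effective_special_authorities(profiles):
    """Own special authorities plus those inherited from the group profile."""
    by_name = {p.name: p for p in profiles}
    result = {}
    for p in profiles:
        auths = set(p.special_authorities.split())
        if p.group in by_name:
            auths |= set(by_name[p.group].special_authorities.split())
        if auths:
            result[p.name] = auths
    return result


def command_line_capable(profiles):
    """Enabled, sign-on capable profiles that can run commands. Only LMTCPB(*YES)
    removes the command line; *PARTIAL still allows commands to be entered."""
    return sorted(p.name for p in profiles
                  if p.status == "*ENABLED" and p.has_password
                  and p.limit_capabilities != "*YES")


def inactive_profiles(profiles, as_of, max_idle_days=90):
    """Enabled, sign-on capable profiles unused for longer than max_idle_days."""
    return sorted(p.name for p in profiles
                  if p.status == "*ENABLED" and p.has_password
                  and (p.previous_signon is None
                       or (as_of - p.previous_signon).days > max_idle_days))


def review(profiles, as_of, max_privileged=10):
    """Findings in the order an auditor would ask for them."""
    by_name = {p.name: p for p in profiles}
    spcaut = effective_special_authorities(profiles)
    return {
        "privileged_count": len(spcaut),
        "exceeds_best_practice": len(spcaut) > max_privileged,
        "allobj": sorted(n for n, a in spcaut.items() if "*ALLOBJ" in a),
        "inherited_only": sorted(n for n in spcaut if not by_name[n].special_authorities.split()),
        "command_line": command_line_capable(profiles),
        "inactive": inactive_profiles(profiles, as_of),
    }


if __name__ == "__main__":
    for key, value in review(PROFILES, AS_OF).items():
        print(f"{key}: {value}")
```

On this snapshot a naive count of profiles with a non-blank SPCAUT field gives five; the effective count is thirteen, because the eight clerks inherit *ALLOBJ from APPOWNER. That inheritance is why the group profile, not the clerks, is the thing to fix.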
Powerful Users Historically

[Chart]

Endless News Reports of Insider Breaches

[Slide image]
Minimum Password Length (System Value: QPWDMINLEN)

[Chart: number of systems by QPWDMINLEN value]

Not too hard to guess your way in!

Default Passwords

[Chart: number of systems by count of profiles with default passwords]

Password Expiration (System Value: QPWDEXPITV)

[Chart: number of systems by password expiration period in days]

How Many Attempts? (System Value: QMAXSIGN)

[Chart: number of systems by maximum sign-on attempts allowed]

Let’s hope this wasn’t the server that experienced 6.9 million invalid attempts

And Then What? (System Value: QMAXSGNACN)

[Chart: number of systems by default action for exceeding invalid sign-on attempts]

Inactive Profiles

[Chart: number of profiles]

5250 Command Line

[Chart: number of profiles with command line access]
The Perfect Storm Of Vulnerability

• Security awareness among IBM i professionals is generally low
• IBM i awareness among audit professionals is generally low
• Some of the most valuable data in any organization is on your Power Systems server (System i, iSeries, AS/400)
• Most IBM i data is not secured and the users are far too powerful
The Call To Action

1. Conduct a Compliance Assessment (free and deep-dive options)
2. Remediate “low-hanging fruit” such as default passwords and inactive accounts
3. Review appropriateness of profile settings: password rules, limit capabilities (command line), special authorities, etc.
4. Perform intrusion tests over FTP and ODBC to assess data leak risk
5. Evaluate PowerTech solutions to mitigate risk
Comprehensive Security
Solutions for Power Systems

Additional Resources

• Online Compliance Guide
• Security Policy
Questions

Thanks for your time!

Please visit www.PowerTech.com to access:
• Demonstration Videos & Trial Downloads
• Product Information Data Sheets
• White Papers / Technical Articles
• Customer Success Stories
• PowerNews (Newsletter)
• Robin’s Security Blog
• To request a FREE Compliance Assessment

(800) 915-7700
info@powertech.com
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Dernier (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

IBM i Security Study

  • 11. Purpose Of The Study: help IT managers and auditors understand IBM i security exposures; focus on the top areas of concern in meeting regulatory compliance; help IT develop strategic plans to address (or confirm) high-risk vulnerabilities.
  • 12. How We Collect The Data: the PowerTech Compliance Assessment is launched from a PC, collects security data, and the data for the study is anonymous. Companies are self-selected (more, or less, security-aware?). The study was first published in 2003, with over 1,700 participants since inception. Schedule your Compliance Assessment at www.PowerTech.com.
  • 13. Be A Part of the Study! YOUR PC → YOUR IBM i SERVER → YOUR VULNERABILITIES (participation in the Security Study is optional).
  • 14. A simple summary provides auditors and executives with visual indicators.
  • 15. The IBM i registry is reviewed to see if network events are audited or controlled.
  • 16. *PUBLIC authority levels on application libraries are interrogated.
  • 17. Statistics are retrieved on profile metrics, such as any profiles with default passwords.
  • 18. Review of the system values that impact security.
  • 19. Verify whether auditing is active, and what types of audit events are being logged.
  • 20. Determine how many users have Special Authorities (admin privileges).
  • 21. Six Major Areas of Review: system auditing; privileged users; user and password management; data access; network access control; system security values.
  • 22. Today’s Agenda: Introductions; Regulations on IBM i; Conducting The Study; The State of IBM i Security Study; Resources for Security Officers; Questions and Answers.
  • 23. State of IBM i Security—Overall: assessed 101 different systems, a total of 109,251 users and 43,104 libraries. On average, per assessed system, there were 1,082 users and 427 libraries.
  • 24. State of IBM i Security—Overall [chart].
  • 25. State of IBM i Security—Overall. WARNING: September 30 will be here SOON!
  • 26. System Value: QSECURITY (System Security Level) [chart: No. of Systems].
  • 28. What Does IBM Say About Security Level 30?
  • 29. Using QAUDJRN? Systems Using the System i Audit Journal [chart].
  • 30. Audit Settings Historically: Systems Using the System i Audit Journal (2010–2012) [chart].
  • 31. Top 10 “Invalid Sign-On Attempts” Found: 2010: 1,000,000+; 2011: 789,962; 2012: 154,404.
  • 32. Top 10 “Invalid Sign-On Attempts” Found: 10) 7,729; 9) 8,333; 8) 12,921; 7) 19,201; 6) 23,183; 5) 28,078; 4) 147,918; 3) 161,427; 2) 211,631; 1) 567,772.
  • 33. Top 10 “Invalid Sign-On Attempts” Found: but there was one that even shocked us! 6.9 million... all undetected!
  • 34. What should I look for?
  • 35. What Good Is Audit Journal Data? Too much data; too many places to look; manual reporting processes; audit and IT get locked in a request/respond cycle.
  • 36. Is Anyone Paying Attention? 88% of systems were logging audit data, but only 27% of those had a recognized auditing tool installed. Over 6.9 million invalid sign-on attempts against a single profile! Would you be more concerned if you knew it was the QSECOFR profile?
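The check slides 31–36 are really asking for, as an added example (not PowerTech's Compliance Assessment and not code from the deck): count invalid sign-on attempts per profile from audit journal PW entries and flag the ones that matter. It assumes the QAUDJRN PW entries have been exported to the CSV layout shown; the rows and the QMAXSIGN value of 3 are constructed for the example.

```python
"""Count invalid sign-on attempts per profile from exported QAUDJRN PW entries.

Added example, not PowerTech's tool. Assumes the PW (password failure)
entries were exported to the simple CSV layout in SAMPLE; all rows are
constructed. Violation type P = password not valid, U = user name not valid.
"""
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export: entry_type, violation, user, remote_addr, timestamp
SAMPLE = """\
entry_type,violation,user,remote_addr,timestamp
PW,P,QSECOFR,10.0.0.15,2013-04-01T02:00:01
PW,P,QSECOFR,10.0.0.15,2013-04-01T02:00:02
PW,P,QSECOFR,10.0.0.15,2013-04-01T02:00:03
PW,P,QSECOFR,10.0.0.15,2013-04-01T02:00:04
PW,U,ADMIN,10.0.0.15,2013-04-01T02:00:05
PW,P,JSMITH,10.0.0.22,2013-04-01T08:15:10
PW,P,JSMITH,10.0.0.22,2013-04-01T08:15:40
CP,,JSMITH,,2013-04-01T08:16:00
"""

QMAXSIGN = 3  # assumed system value: invalid attempts before QMAXSGNACN acts


def load_pw_entries(text):
    """Return only the PW (sign-on failure) entries from the exported CSV."""
    return [r for r in csv.DictReader(io.StringIO(text)) if r["entry_type"] == "PW"]


def failures_per_profile(entries):
    """Invalid sign-on attempts per profile name, highest count first."""
    return Counter(e["user"] for e in entries).most_common()


def flag_profiles(entries, qmaxsign=QMAXSIGN):
    """Profiles whose failure count exceeds QMAXSIGN, with the source addresses.

    QSECOFR is always reported: any failure against the security officer
    profile deserves a look regardless of the count.
    """
    sources = defaultdict(set)
    for e in entries:
        sources[e["user"]].add(e["remote_addr"])
    flagged = {}
    for user, count in failures_per_profile(entries):
        if count > qmaxsign or user == "QSECOFR":
            flagged[user] = {"attempts": count, "sources": sorted(sources[user])}
    return flagged


def unknown_user_attempts(entries):
    """Names tried that do not exist as profiles (violation type U): probing."""
    return [e["user"] for e in entries if e["violation"] == "U"]


if __name__ == "__main__":
    pw = load_pw_entries(SAMPLE)
    for user, info in flag_profiles(pw).items():
        print(f"{user}: {info['attempts']} failures from {info['sources']}")
    print("unknown names tried:", unknown_user_attempts(pw))
```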
  • 37. Library Authority: the only library authority that keeps users out is *EXCLUDE. A policy of “Least Privilege” calls for *PUBLIC to be excluded and then authorized users granted the appropriate access. You can (potentially) delete objects with only *USE authority to the library.
  • 40. When New Objects Are Created: Default Create Authority by Library [chart].
  • 41. Network Access Control: many IBM i applications rely on menu security because it’s easy to build and it’s the legacy of many existing business applications. Menu security design assumes that access always originates via the menus, that no user has command line access, and that users have no access to SQL-based tools. Menu security is often accompanied by the user being a member of the group that owns the objects, and by *PUBLIC being granted broad (*CHANGE) access to data.
  • 42. Network Access Control: ODBC isn’t rocket science anymore.
  • 43. Are These Services Running?
  • 45. Administrator Privileges, Special Authority (aka Privileges): *ALLOBJ, *SECADM, *IOSYSCFG, *AUDIT, *SPLCTL, *SERVICE, *JOBCTL, *SAVSYS. *ALLOBJ (All Object): the “gold key” to every object, and almost every administrative operation on the system, including unstoppable data access.
  • 46. *SECADM (Security Administration): enables a user to create and maintain the system user profiles without requiring the user to be in the *SECOFR user class or giving *ALLOBJ authority.
  • 47. *IOSYSCFG (I/O Systems Configuration): allows the user to create, delete, and manage devices, lines, and controllers. Also permits the configuration of TCP/IP and the start of associated servers (e.g., HTTP).
  • 48. *AUDIT (Audit): the user is permitted to manage all aspects of auditing, including setting the audit system values and running the audit commands (CHGOBJAUD / CHGUSRAUD).
  • 49. *SPLCTL (Spool Control): this is the *ALLOBJ of spooled files. Allows a user to view/delete/hold/release any spooled file in any output queue, regardless of restrictions.
  • 50. *SERVICE (Service): allows a user to access the System Service Tools (SST) login, although, since V5R1, they also need an SST login.
  • 51. *JOBCTL (Job Control): enables a user to start/end subsystems and manipulate other users’ jobs. Also provides access to spooled files in output queues designated as “operator control”.
  • 52. *SAVSYS (Save System): enables a user to perform save/restore operations on any object on the system, even if there is insufficient authority to use the object. * Be cautious if securing objects at only a library level. *
  • 54. Administrator Privileges: best practices call for fewer than 10 users with SPCAUTs.
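Slides 37 and 45–54 amount to two review rules: *PUBLIC on a library is only safe at *EXCLUDE, and special authorities belong with very few, appropriately classed users. As an added example (not PowerTech's tool and not code from the deck), the check below applies both rules to constructed exports: user profile records with a space-separated special authority field, as DSPUSRPRF to an outfile would give, and library records with their *PUBLIC authority.

```python
"""Review privileged users and *PUBLIC library authority from exported data.

Added example, not PowerTech's Compliance Assessment. All records below
are constructed; the 10-user limit is the best practice quoted in the deck.
"""
from collections import defaultdict

SPCAUT_LIMIT = 10  # best practice from the deck: fewer than 10 privileged users

# Constructed user profile export: (profile, user class, special authorities)
USERS = [
    ("QSECOFR",  "*SECOFR", "*ALLOBJ *SECADM *IOSYSCFG *AUDIT *SPLCTL *SERVICE *JOBCTL *SAVSYS"),
    ("OPER1",    "*SYSOPR", "*JOBCTL *SAVSYS"),
    ("JSMITH",   "*USER",   "*ALLOBJ *JOBCTL"),
    ("APPUSR",   "*USER",   ""),
    ("HELPDESK", "*USER",   "*SECADM"),
]
# Constructed library export: (library, *PUBLIC authority)
LIBRARIES = [
    ("PAYROLL", "*CHANGE"),
    ("HRDATA",  "*EXCLUDE"),
    ("ORDERS",  "*USE"),
]


def holders_by_authority(users):
    """Map each special authority to the profiles that hold it."""
    holders = defaultdict(list)
    for profile, _cls, spcaut in users:
        for aut in spcaut.split():
            holders[aut].append(profile)
    return dict(holders)


def privileged_users(users):
    """Profiles holding any special authority at all, sorted by name."""
    return sorted(p for p, _c, s in users if s.split())


def privilege_findings(users, limit=SPCAUT_LIMIT):
    """Findings as (area, subject, detail) tuples for the privileged-user review."""
    out = []
    priv = privileged_users(users)
    if len(priv) >= limit:
        out.append(("spcaut", "system",
                    f"{len(priv)} privileged users (best practice: fewer than {limit})"))
    for profile, cls, spcaut in users:
        auts = spcaut.split()
        # *ALLOBJ is the "gold key": flag it on anyone outside the *SECOFR class
        if "*ALLOBJ" in auts and cls != "*SECOFR":
            out.append(("spcaut", profile, f"*ALLOBJ with user class {cls}"))
        # *SAVSYS lets a user save objects it otherwise has no authority to read
        if "*SAVSYS" in auts and cls not in ("*SECOFR", "*SYSOPR"):
            out.append(("spcaut", profile, "*SAVSYS outside operator/security classes"))
    return out


def public_findings(libraries):
    """Only *EXCLUDE keeps *PUBLIC out of a library; anything else is a finding."""
    return [("public", lib, f"*PUBLIC has {aut}")
            for lib, aut in libraries if aut != "*EXCLUDE"]


def assess(users=USERS, libraries=LIBRARIES, limit=SPCAUT_LIMIT):
    """Run both reviews and return the combined finding list."""
    return privilege_findings(users, limit) + public_findings(libraries)


if __name__ == "__main__":
    for area, subject, detail in assess():
        print(f"[{area}] {subject}: {detail}")
```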
  • 56. Endless News Reports of Insider Breaches.
  • 57. System Value: QPWDMINLEN (Minimum Password Length) [chart: No. of Systems].
  • 58. System Value: QPWDMINLEN (Minimum Password Length) [chart: No. of Systems]. Not too hard to guess your way in!
  • 59. Default Passwords [chart: No. of Systems].
  • 60. Password Expiration: Password Expiration Period (Days) [chart: No. of Systems].
  • 61. How Many Attempts? Maximum Sign-On Attempts Allowed [chart: No. of Systems].
  • 62. How Many Attempts? Maximum Sign-On Attempts Allowed [chart: No. of Systems]. Let’s hope this wasn’t the server that experienced 6.9 million invalid attempts.
  • 63. And Then What? Default Action for Exceeding Invalid Sign-On Attempts [chart].
  • 65. 5250 Command Line [chart: No. of Profiles].
  • 66. The Perfect Storm Of Vulnerability: security awareness among IBM i professionals is generally low; IBM i awareness among audit professionals is generally low; some of the most valuable data in any organization is on your Power Systems server (System i, iSeries, AS/400); most IBM i data is not secured and the users are far too powerful.
  • 67. The Call To Action: 1. Conduct a Compliance Assessment (free and deep-dive options). 2. Remediate “low-hanging fruit” such as default passwords and inactive accounts. 3. Review the appropriateness of profile settings: password rules, limit capabilities (command line), special authorities, etc. 4. Perform intrusion tests over FTP and ODBC to assess data leak risk. 5. Evaluate PowerTech solutions to mitigate risk.
  • 69. Today’s Agenda: Introductions; Regulations on IBM i; Conducting The Study; The State of IBM i Security Study; Resources for Security Officers; Questions and Answers.
  • 70. Additional Resources: Online Compliance Guide; Security Policy.
  • 71. Today’s Agenda: Introductions; Regulations on IBM i; Conducting The Study; The State of IBM i Security Study; Resources for Security Officers; Questions and Answers.
  • 73. Thanks for your time! Please visit www.PowerTech.com to access: demonstration videos and trial downloads; product information data sheets; white papers and technical articles; customer success stories; PowerNews (newsletter); Robin’s security blog; and to request a FREE Compliance Assessment. www.powertech.com, (800) 915-7700, info@powertech.com.