Get empowered with IBM Power
Don’t miss this Friday’s @iTech_Sol #webinar with @stevencpitcher on how to ensure your #IBMi-integrated #Db2 #database is performing at an optimal level and working perfectly. Click below to register. #IBMPower ow.ly/rqIF50Gcavz
– Skytap (@Skytap)08:05 – Sep 22, 2021
When resources are tight, it is important to optimize their usage and maximize the business value they deliver. This is the very foundation of what is called lean manufacturing or just-in-time manufacturing, which more than a few IBM i shops know a thing or two about because this platform has been used for decades by process and discrete manufacturers to automate their businesses.
The post Value Stream Management (VSM): Bringing Lean Manufacturing Techniques To IBM i Development appeared first on ARCAD Software.
Let’s get back to the basics. These sessions are designed for anyone starting out as an IBM i system admin, looking to refresh their knowledge, or looking to learn more.
Presented by:
Steve has been involved with IBM i since 2001 primarily in the manufacturing and distribution industries. Over that period he’s been a systems administrator, developer, IT Manager and IT Director. He joined iTech Solutions in 2017 in a combined sales/technical role, bringing additional expertise in security, IBM Lotus Domino and WebSphere.
A longtime IBM Champion, first as part of the inaugural group for IBM Collaboration Solutions (2011) and then as an IBM Champion for Power Systems (2016-present), you’ll find Steve speaking at events around the world about IBM i administration, modernization and security. He’s been a community advocate on the COMMON Americas Advisory Council since 2012 and is currently serving on the COMMON Board of Directors.
…
The post iBasics | Who is *Public and Why You Need to Know | iTech first appeared on iTech Solutions Group.
Ransomware attacks have been prominent in the news lately, but for every such breach that is widely publicized, there are many others that go unreported in the press. Companies of all sizes are affected by the problem.
Unfortunately, many don’t take proactive steps to limit their exposure until they have been victimized. A single ransomware attack can cost hundreds of thousands (or even millions) of dollars and can frequently lead to the dismissal of senior IT personnel. To make matters worse, paying hackers a ransom to unlock your data and systems doesn’t necessarily provide a solution. Even when you pay ransomware, the tools provided by the ransomware hacker may not immediately allow the recovery of your data. You can run into issues like getting the wrong key, a bad decryption utility, compatibility issues and other challenges can delay the recovery of your data.
If your organization is running IBM i systems, you may think that your risk is limited by virtue of its history as a relatively secure platform. Hackers have traditionally sought out targets running Windows-based systems or Linux variants that are in more widespread use. In fact, there is currently no malware in existence that is known to target the IBM i operating system per se, but businesses running IBM i should not take that as an assurance that they’re not at risk.
Many IBM i systems are plagued by poor security practices that leave them exposed to potential attackers. Here’s a review of some of the common sources of security risk on the IBM i platform, along with the experts’ recommendations on protecting against intrusions and malware infection.
There are two fundamental ways in which malware might be introduced into an IBM i system. First, it may be stored on the integrated file system (IFS) by a hacker who gains direct access. Second, malware may be introduced through a workstation where there is a mapped drive to an IFS share. The worst possible scenario is to have a read-write share to Root, which exposes your entire system to hackers. In this scenario, anyone with a user profile can compromise your entire system.
Unlike Windows, IBM i systems do not apply permissions to a shared directory. Instead, all shares are defined as being read-write or read-only, and users are granted authority to either access the directory or not and are granted authorities on specific objects within the directory.
Watch our Webcast
To learn more about securing your IBM i systems against ransomware and other malware attacks, watch our free on-demand webcast.
To reduce risk, system administrators should remove unused shares and restrict existing shares to read-only status wherever possible. In addition, they should restrict user access to the objects within those shares, being careful to limit access on an as-needed basis. Very often, we see systems in which shares were created at some point in the past, but are not currently needed, and, in fact, have not been used for quite a long time.
As a first step, system administrators should perform an audit of existing file shares (either by using the IBM Navigator, or with the SQL tool (QSYS2.server_share_info service) to return a list of existing shares. Remove any unused shares, and wherever possible, set existing shares to read-only status. To the extent that shares must allow write access, limit authorities to those users who absolutely require it. This limits exposure to only those users who have access to the path, including users with *ALLOBJ permissions.
It’s also a good practice to set up shares so that they do not automatically reconnect at logon, unless they are used very frequently by the users at the workstation in question. It is common to find users who have not accessed such shares in a very long time, including those who have changed jobs and no longer require access to it.
Whenever possible, it is also a good practice to set up file shares to be hidden. By appending the sharing with the “$” character, the share will be invisible to attackers (or anyone else) who is simply browsing the system looking for open directories. This is commonly known as “security through obscurity.” Hackers cannot get information if they do not know that it even exists. While this does not prevent someone from connecting to the share per se, it does require that they be aware of its existence, know its exact name, and enter that information to connect.
Likewise, it’s good practice to turn off broadcasting of the NetServer. Again, this provides some protection by making it difficult for hackers to discover and navigate your systems. If a Guest profile is assigned to the NetServer, remove it.
Although much of the attention is focused on preventing hackers from gaining read-write access, system administrators should not neglect security with respect to read-only directories. In ransomware attacks, it is common practice for hackers to download information and retain a copy before they encrypt your data. Furthermore, attackers can do considerable damage to your organization simply by reading and exposing information in your IBM i system. If customer names and personally identifiable information are revealed, for example, your organization may suffer severe reputational damage and is likely to experience legal consequences as well.
A critically important security measure is to secure Root, which is open by default when IBM i systems ship. New directories created under Root inherit those permissions, which creates a security risk.
Experts also recommend securing your QPWFSERVER authorization list to restrict access to “QSYS.lib” from Windows Explorer and Navigator in cases where a share to Root is absolutely required.
It’s also good practice to segment your network, making it difficult for hackers to navigate and gain access to all of your systems.
Finally, educating your users is critical. Everyone in your organization should understand what a phishing email looks like, should know to avoid opening links within those emails, and should know who to call in the event that they receive potentially malicious messages.
Precisely has been working with IBM i systems for years. Our Assure security solution provides comprehensive malware defense, monitoring and reporting, data privacy, and access control capabilities for IBM i. If you are concerned about ransomware specifically, as every system administrator should be, then our Assure Security products can help you proactively manage security and establish confidence that your organization can operate with multiple layers of defense and minimal risk.
To learn more about securing your IBM i systems against ransomware and other malware attacks, watch our free on-demand webcast, Configuration Tips to Reduce the Risk of IBM i Malware Infection.
The post Protect Your Organization by Preventing Ransomware appeared first on Precisely.
There have been times when I am debugging a multi-thousand line program when I find a line of code that can look something like:
1414.00 dou (X = Const1) ;
I can see what value is in variable X. But my attempts to see what is in Const1 is met with:
EVAL Const1
Identifier does not exist.
Read more »
