
Stuff
OS/400 Edition
Volume 2, Number 23 -- November 20, 2003

OS/400 Alert: Native OS/400 Security Tools


by Shannon O'Donnell

In this issue, I'll tell you about some security tools for OS/400 that you can use to report on the status of your OS/400 security. I'll also tell you about a vulnerability in wireless networks and about IBM's latest cumulative and database PTF patches. Finally, our editor in chief wanted to let you know about a bounty program offered by Microsoft to capture hackers.

There are lots of things you can do to improve OS/400 security, including running the iSeries Navigator Security Wizard (look for more on this in a future issue of Midrange Programmer) or using iSeries Navigator to view the system security values. But that's not all you can do. You can also take advantage of the native OS/400 security tools menu to run a wide variety of security reports that will help you to lock down the security of your system.

Security Tools Menu

You can access the security tools menu by issuing the command GO SECTOOLS from a green screen menu. From the panel that then displays, you can run security reports covering everything from which user profiles have default passwords to which programs use adopted authority, as well as find out who has authority to certain commands. The security tools menu is a veritable cornucopia of security audits and controls awaiting only your nimble fingers to start them running. Here's a look at what's on this menu.

  • Analyze Default Passwords: Running this command will display a message (and print a report) showing how many user profiles currently have the factory-set or user-defined default passwords (for example, QPGMR with a password of QPGMR), and which profiles they are. This command also tells you how many are enabled or disabled. Run this command just once on a new or semi-new system, and you'll be surprised, and frightened, by the results.

  • Display Active Profile List: Use this menu option to view a list of user profiles that are always considered active (those that will not be disabled by the Analyze Profile Activity command function).

  • Change Active Profile List: Use this menu option to add or remove user profiles from the list of profiles that are always considered active (those that will not be disabled by the Analyze Profile Activity command function). The profiles on this list will never be disabled, even if their non-usage exceeds the minimum value.

  • Analyze Profile Activity: This menu option will determine whether user profiles have been inactive for a specified number of days.

  • Display Activation Schedule: This option displays user profiles and their enabled or disabled date and time, collected from the Change Activation Schedule Entry menu option.

  • Change Activation Schedule Entry: Use this option to collect a list of user profiles and their enabled or disabled date and time. This information will be displayed by the Display Activation Schedule menu option.

  • Display Expiration Schedule: This menu option displays a list of user profiles, along with their expiration date and the expiration action to be taken (for instance, *DLT or *CHGOWN). This information is gathered using the menu option Change Expiration Schedule Entry.

  • Change Expiration Schedule Entry: Use this menu option to gather the list of user profiles and their expiration date and action to be taken.

  • Print Profile Internals: Use this menu option to print a report showing the number of entries in a user profile, which directly affects that profile's size.

  • Change Security Auditing: This lets you change the system security values for auditing security functions.

  • Display Security Auditing: This displays system security values for auditing security functions.

In addition to the above commands, the following reports may also be run from this menu:

  • Submit or Schedule Security Reports to Batch
  • Adopting Object
  • Audit Journal Entries
  • Authorization List Entries
  • Command Authority
  • Command Private Authority
  • Communications Security
  • Directory Authority
  • Directory Private Authority
  • Document Authority
  • Document Private Authority
  • File Authority
  • File Private Authority
  • Folder Authority
  • Folder Private Authority
  • Job Description Authority
  • Library Authority
  • Object Authority
  • Private Authority
  • Program Authority
  • Program Private Authority
  • User Profile Authority
  • User Profile Private Authority
  • Job and Output Queue Authority
  • Subsystem Authority
  • System Security Attribute
  • Trigger Programs
  • User Objects
  • User Profile Information
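
Each option on the SECTOOLS menu runs an ordinary CL command, so the same checks can be scripted. The CL program below is an added example, not part of the original article, showing a first-pass audit built from those commands; the profile name SVCACCT1 and the 90-day inactivity limit are assumptions chosen for illustration.

```cl
/* Added example: first-pass profile audit using the commands      */
/* behind the SECTOOLS menu options. Run under a profile with      */
/* *ALLOBJ and *SECADM special authority.                          */
/* Assumptions: SVCACCT1 is a hypothetical service profile and     */
/* 90 days is an illustrative limit, not values from the article.  */
PGM

  /* Analyze Default Passwords: report every profile whose         */
  /* password matches its profile name. ACTION(*NONE) only         */
  /* reports; *DISABLE or *PWDEXP would also act on the profiles.  */
  ANZDFTPWD  ACTION(*NONE)

  /* Change Active Profile List: exempt the service profile        */
  /* BEFORE the inactivity check is switched on, so it is never    */
  /* disabled for non-use.                                         */
  CHGACTPRFL USRPRF(SVCACCT1) ACTION(*ADD)

  /* Display Active Profile List: print the exemption list so it   */
  /* can be reviewed and kept with the audit output.               */
  DSPACTPRFL OUTPUT(*PRINT)

  /* Analyze Profile Activity: profiles unused for 90 days are     */
  /* disabled. The check is carried out by a scheduled job, so     */
  /* this setting stays in effect after the program ends.          */
  ANZPRFACT  INACDAYS(90)

  /* Adopting Objects report: list the programs that adopt the     */
  /* authority of QSECOFR.                                         */
  PRTADPOBJ  USRPRF(QSECOFR)

  /* User Profile Information report: password-related             */
  /* attributes of every profile.                                  */
  PRTUSRPRF  TYPE(*PWDINFO)

  /* System Security Attributes report: current security system    */
  /* values alongside the recommended settings.                    */
  PRTSYSSECA

ENDPGM
```

Review the ANZDFTPWD report and the exemption list before relying on ANZPRFACT, because any profile not on the list is disabled once it passes the inactivity limit.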

This Week's Nasty Windows Worries

W32.HLLW.Bereb: This worm spreads using the WinMX file-sharing program, which, I guess, is justice of a sort for anyone downloading software and music without paying for it.

W32.Hostidel.Trojan: Are you using the Windows HOSTS table to do name resolution to your iSeries or other TCP/IP-based servers or Web sites? If so, you'll be interested in this virus, which overwrites the Windows HOSTS file.

VBS.Bryon@mm: This spreads via e-mail and contains the message "mail delivery failed: returning message to sender" in its header.

Trojan.Bedrill: This virus, spread by e-mail, sends spam to other users from your infected system.

W32.Mimail.H@mm: This virus attempts to steal your credit card information by displaying a Web page asking you to enter it. Once entered, the information is saved and sent by e-mail to the virus authors.

Microsoft Offers Bounties on Hackers' Heads

If you are a typical OS/400 shop, you have one or more Windows servers, and the Windows boxes cause you more headaches than any other machine in your shop because of viruses, worms, and other security threats. Microsoft did something last week that might actually make your life better in the long run: It put a bounty on the heads of hackers who get a kick out of creating worms and viruses to attack Windows. Because viruses like SoBig and MSBlast are causing much irritation to hundreds of millions of users, not to mention billions of dollars of economic damage and lost productivity worldwide, the software giant is taking a new tack in fighting hackers, who tend to target its Windows platform. Microsoft announced it will give $250,000 each to the person who rats out the hackers behind SoBig and MSBlast. The company also has created a $5 million bounty kitty to chase down hackers of future viruses. Some doubt that this will be enough money, but it's a start.

Wireless Access Points Are Vulnerable to War Walkers

Most wireless computer geeks know about the concept of "war walking." It's when someone with a PDA or another wireless device walks around a city, looking for "hot spots" where they can gain free access to wireless Internet service. A hot spot occurs when a wireless network is set up in an office somewhere but is left unsecured. That is, the wireless network does not use encryption. And just as the non-smoking section of a restaurant is invaded by the cigarette smoke from the smoking section, the air waves around a building where a wireless network is installed are invaded by the wireless network itself, leaving it available to anyone standing outside that building. In many cities, these so-called war walkers travel around locating these hot spots and then creating a map of them. The map is then posted on the Internet. Many war walkers also leave a special chalk mark on the side of a building, which identifies that building to other war walkers as one that can be hijacked for Internet access. And if that weren't enough, there are many utilities and Web sites out there, like http://airsnarf.shmoo.com, that allow you to not only gain access to an unencrypted wireless network but to also log in and steal user IDs and passwords from that network. For more information on this hot new security vulnerability, do a Google search on war walking.

PTFs and Fixes for OS/400 and Related Programs

The latest cumulative package from IBM for V5R2 customers continues to be the one that came out on September 9. The latest HIPER package was released November 11, so you'll want to grab this one if you're not current. The database group PTF was also updated on November 11. You should order and install this one, and then you will be good to go through the end of the year. For complete details on this week's recommended fixes, go to IBM's PTF site.





Editors: Shannon O'Donnell, Kevin Vandever
Managing Editor: Shannon Pastore
Contributing Editors: Howard Arner, Raymond Everhart,
G. Wayne Hawks, Joe Hertvik, Ted Holt, Marc Logemann, David Morris
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.