OS/400 Alert: Native OS/400 Security Tools
by Shannon O'Donnell
In this issue, I'll tell you about some security tools for OS/400 that you can use to report on the status of your OS/400 security. I'll also tell you about a vulnerability in wireless networks and about IBM's latest cumulative and database PTF patches. Finally, our editor in chief wanted to let you know about a bounty program offered by Microsoft to capture hackers.
There are lots of things you can do to improve OS/400 security, including running the iSeries Navigator Security Wizard (look for more on this in a future issue of Midrange Programmer) or using iSeries Navigator to view the system security values. But that's not all you can do. You can also take advantage of the native OS/400 security tools menu to run a wide variety of security reports that will help you to lock down the security of your system.
Security Tools Menu
You can access the security tools menu by issuing the command GO SECTOOLS from a green screen menu. From the panel that then displays, you can run security reports that will, for example, check your system for user profiles that contain default passwords, show which programs use adopted authority, and find out who has authority to certain commands. The security tools menu is a veritable cornucopia of security audits and controls awaiting only your nimble fingers to start them running. Here's a look at what's on this menu.
In addition to the above commands, the following reports may also be run from this menu:
This Week's Nasty Windows Worries
W32.HLLW.Bereb: This worm spreads using the WinMX file-sharing program, which, I guess, is justice of a sort for anyone downloading software and music without paying for it.
W32.Hostidel.Trojan: Are you using the Windows HOSTS table to do name resolution to your iSeries or other TCP/IP-based servers or Web sites? If so, you'll be interested in this virus, which overwrites the Windows HOSTS file.
VBS.Bryon@mm: This spreads via e-mail and contains the message "mail delivery failed: returning message to sender" in its header.
Trojan.Bedrill: This virus, spread by e-mail, sends spam to other users from your infected system.
W32.Mimail.H@mm: This virus attempts to steal your credit card information by displaying a Web page asking you to enter it. Once entered, the information is saved and sent by e-mail to the virus authors.
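For shops that do rely on the HOSTS table for name resolution, as the W32.Hostidel.Trojan item above describes, an overwritten file can be caught by comparing it against the mappings it is supposed to hold. The following is an added example, not part of the original newsletter; the host names, addresses, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the mappings this PC's HOSTS file is supposed to carry.
EXPECTED = {"iseries1.example.com": "192.0.2.10", "iseries1": "192.0.2.10"}

# Constructed sample file contents (on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts).
CLEAN = "127.0.0.1 localhost\n192.0.2.10 iseries1.example.com iseries1 # prod\n"
TAMPERED = ("127.0.0.1 localhost\n"
            "203.0.113.66 ISERIES1.example.com\n"
            "203.0.113.66 www.example.org\n")

def parse_hosts(text):
    """Return {hostname: [addresses]} from HOSTS-file text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                             # blank or address-only line
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                             # first column is not an address
        for name in fields[1:]:                  # one address, one or more names
            table.setdefault(name.lower(), []).append(addr)
    return table

def audit_hosts(text, expected=EXPECTED):
    """List (kind, hostname, addresses_seen) deviations from the expected map."""
    table = parse_hosts(text)
    wanted = {name.lower(): addr for name, addr in expected.items()}
    findings = []
    for name, addr in sorted(wanted.items()):
        seen = table.get(name, [])
        if not seen:
            findings.append(("missing", name, []))
        elif set(seen) != {addr}:
            findings.append(("changed", name, seen))
    for name, seen in sorted(table.items()):
        if name not in wanted and name != "localhost":
            findings.append(("unexpected", name, seen))
    return findings

if __name__ == "__main__":
    for kind, name, seen in audit_hosts(TAMPERED):
        print(f"{kind:10} {name:24} {', '.join(seen) or '-'}")
```

Run on a schedule against each PC's HOSTS file, any non-empty result is worth a look before users are sent to the wrong server.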
Microsoft Offers Bounties on Hackers' Heads
If you are a typical OS/400 shop, you have one or more Windows servers, and the Windows boxes cause you more headaches than any other machine in your shop because of viruses, worms, and other security threats. Microsoft did something last week that might actually make your life better in the long run: It put a bounty on the heads of hackers who get a kick out of creating worms and viruses to attack Windows. Because viruses like SoBig and MSBlast are causing much irritation to hundreds of millions of users, not to mention billions of dollars of economic damage and lost productivity worldwide, the software giant is taking a new tack in fighting hackers, who tend to target its Windows platform. Microsoft announced it will give $250,000 each to the person who rats out the hackers behind SoBig and MSBlast. The company also has created a $5 million bounty kitty to chase down hackers of future viruses. Some doubt that this will be enough money, but it's a start.
Wireless Access Points Are Vulnerable to War Walkers
Most wireless computer-geeks know about the concept of "war walking." It's when someone with a PDA or another wireless device walks around a city, looking for "hot spots" where they can gain free access to wireless Internet service. A hot spot occurs when a wireless network is set up in an office somewhere but is left unsecured. That is, the wireless network does not use encryption. And just like when the non-smoking section of a restaurant is invaded by the cigarette smoke from the smoking section, the air waves around a building where a wireless network is installed are invaded by the wireless network itself, leaving it available to anyone standing outside that building. In many cities, these so-called war walkers travel around locating these hot spots and then creating a map of them. The map is then posted on the Internet. Many war walkers also leave a special chalk mark on the side of a building, which identifies that building to other war walkers as one that can be hijacked for Internet access. And if that weren't enough, there are many utilities and Web sites out there, like http://airsnarf.shmoo.com, that allow you to not only gain access to an unencrypted wireless network but to also log in and steal user IDs and passwords from that network. For more information on this hot new security vulnerability, do a Google search on war walking.
PTFs and Fixes for OS/400 and Related Programs
The latest cumulative package from IBM for V5R2 customers continues to be the one that came out on September 9. The latest HIPER package was released November 11, so you'll want to grab this one if you're not current. The database group PTF was also updated on November 11. You should order and install this one, and then you will be good to go through the end of the year. For complete details on this week's recommended fixes, go to IBM's PTF site.
Editors: Shannon O'Donnell, Kevin Vandever
Managing Editor: Shannon Pastore
Contributing Editors: Howard Arner, Raymond Everhart, G. Wayne Hawks, Joe Hertvik, Ted Holt, Marc Logemann, David Morris
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.