CCSS Targets Security Issues in ‘Best Practices’ Guide
January 18, 2011 Alex Woodie
Systems management software firm CCSS has written a new best practices guide aimed at enlightening administrators about the ramifications of security breaches in the IBM i OS. The four-page paper encourages admins to think not only about the data lost to cyber criminals eager to hack their systems, but also about unintended security breaches hurting system availability.
One doesn’t usually think of CCSS as a security software company. After all, the U.K. firm’s main field of expertise is systems management and monitoring of IBM i servers, not exit points or users with ALLOBJ authority. Keeping the server running efficiently with the least amount of effort is the bailiwick for CCSS, which only recently started delving deeper into IBM i security issues, such as with its support for security audit journals in its QMessage Monitor (QMM) offering.
But with its new paper, titled “The Ghost in the Machine,” CCSS draws a convincing line connecting good systems management with solid security practices. In many situations, the first line of defense following a security breach is a monitoring tool that can detect the problem.
For example, CCSS cites one case of an American logistics company that experienced a security breach. The company, which didn’t know its system was compromised, was forced to spend lots of money to activate additional capacity on its System i server when it was unable to detect the cause of a runaway job. Better systems management and monitoring could have kept the customer more informed on the state of the system, saving it money.
It comes down to covering “hot spots” of risk in a System i environment, says CCSS product manager Paul Ratchford.
“When we talk about security issues, it’s not just a malicious threat from the outside,” he says. “It also includes situations that breach internal protocols that are not driven by any sort of sinister motivation and also, the circumstances that can leave the system vulnerable to attack, whether one occurs or not. The guide aims to assess these common areas of risk exposure and offers solutions to eliminate them.
To download the new best practices guide, go to www.ccssltd.com/resources/best-practice.php.