April 18, 2022 Alex Woodie
HelpSystems last week officially unveiled its annual State of IBM i Security report, the 18th straight year for the series. As with past reports, the 2022 version highlights some of the continuing challenges that IBM i customers face when trying to secure their systems. A few key areas stand out above the rest.
The IBM i server is a bit of an enigma when it comes to security. While it is widely perceived to be one of the most secure computing platforms on the planet – and “virus-proof” to boot – the reality is that a good number of IBM …
April 24, 2017 Alex Woodie
The latest installment of the annual State of IBM i Security was released last week by HelpSystems, and the results were about what you would expect: most IBM i servers are basically wide open for abuse.
In a webinar last week, HelpSystems director of security technologies Robin Tatam discussed the findings of the report, which was based on security assessments conducted on 332 systems during 2016. He broke the findings down into seven core areas that should be addressed, including system security levels; administrative privileges; passwords and user profiles; data and program permissions; network access and exit programs; audit trails; …
May 18, 2015 Alex Woodie
When you talk to IBM about the IBM i-on-Power platform, the word “security” is used extensively, and appears frequently next to other power words like “reliability” and “availability.” But when you talk to the security software vendor PowerTech about the state of IBM i security, you might be surprised to hear words like “wide open” and “breach fatigue.” Then again, if you have been an IT Jungle reader for very long, you may not.
Last month, PowerTech released its 12th annual State of IBM i Security Study. The 25-page report, which you can download from the company’s website,
May 19, 2014 Alex Woodie
Organizations are taking unnecessary risks by neglecting to properly secure their IBM i environments, according to PowerTech’s 2014 State of IBM i Security report, which it released last week. While PowerTech spotted all kinds of security shortcomings–ranging from too many powerful profiles to using lax security levels–the most glaring problem may have to do with poor password management.
Bad password hygiene leaves IBM i shops open to external hackers and internal threats, PowerTech says. You are not going to find Heartbleed-level password problems, where billions of once-trusted passwords instantly became vulnerable overnight. But considering the level of fine-tuning that’s
May 21, 2012 Alex Woodie
IBM i shops are still failing to enact basic security safeguards to prevent unauthorized access of the data in their systems, according to PowerTech, which issued its annual State of IBM i Security report this month. Even when it comes to basic security concepts, like changing default passwords, minimizing user permissions, and monitoring exit points, the average IBM i shop fails spectacularly. The upshot is that most shops are gambling with their data, with a heavy bet placed on “security through obscurity.”
If it was a video conference, PowerTech director of security technologies Robin Tatam would have been seen
May 11, 2022 Alex Woodie
It’s often said that IBM i is one of the most securable server platforms on the market. But all too often, customers don’t take the time to properly configure it, leaving their applications and data at risk. With IBM i 7.5, IBM is taking aim at security and delivering a system that is more secure when it ships from the factory.
From default settings to the elimination of some options, IBM has taken several steps to make IBM i more secure by default. IBM i security expert Carol Woodbury, a former IBM security architect for OS/400 and now the co-founder …
May 11, 2022 Doug Bidwell
So here is what’s new. Here is a notice at the top of the Fix Central Home Page: “Your action may be required. IBM will implement infrastructure improvements to electronic fix distribution on June 4, 2022. IP and hostnames will change for servers that support fix delivery. New connections are required. You must configure your firewall and proxy server if you have a firewall in your network, or if your machine uses a proxy server to access the internet. Please see preparing firewalls and proxies.”
And here is another note from the PTF Cume Cover Letter: “IMPORTANT: Permanently apply any …
May 4, 2022 Miranda VanHorn
The bi-annual State of IBM i Modernization survey needs your perspective!
Profound Logic’s State of IBM i Modernization Survey looks at trends and attitudes that shape the IBM i modernization market. The data collected gives the entire community a better understanding of the current state of the IBM i and the priorities of businesses with a similar tech stack.
The report created from this survey provides the community with essential data, and pre-pandemic we reached out to the IBM i community every year and collected hundreds of data points on how businesses plan to use and modernize the platform in …
May 3, 2022 Alex Woodie
Big Blue today announced IBM i version 7.5, the first new version of the operating system in three years. Among the big new features with this release are enhancements to Db2 Mirror, better security configurations, and new database features. A new modernization framework called Merlin and a new IBM i subscription option were also unveiled by IBM, which also announced IBM i 7.4 Technology Release 6.
One of the big headlines with the IBM i 7.5 announcement is Merlin, which IBM says stands for the Modernization Engine for Lifecycle Integration. Merlin provides a lightweight, browser-based development environment for creating new …
April 25, 2022 Bruce Bading
One of the greatest threats to any network, host, or server is unauthenticated access, where an attacker can gain local or remote access with no credentials. This can lead to a Critical rating with the following descriptions (CVSS v3.1 User Guide, first.org):
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity, and a complete loss of system protection resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render …