Bruce Bading is a senior security consultant with more than forty years of information security experience and 25 years of corporate C-suite experience. He is an expert on IBM i security and has helped some of IBM's largest clients meet their security and compliance requirements in today's complex technology and business environments. Bruce has exceptional communications skills, has worked with diverse audiences at all business levels to provide training and education, and has led dozens of large enterprise risk management projects for the world’s largest organizations. He is a member of the Information Systems Audit and Control Association, a CIS benchmark author, and a professional threat hunter.
August 1, 2022 Bruce Bading
Privileged Account Management (PAM) is a keystone of cybersecurity. Everywhere we look, PAM is a hot topic. How and why should we worry about it? IBM, Ponemon, Verizon, etc., tell you that it is vitally important to protect your endpoints from cyberattacks and insider threats. While the Verizon DBIR states that external threats account for 80 percent of security incidents, its findings show otherwise for incidents resulting in data compromise, where the insider threat exceeded that of an outsider by more than 10 to one. Simply put by Verizon, “This supports the principle that …
July 12, 2022 Bruce Bading
Hope you are doing well. I was reading this article about exit points and found some technical inaccuracies.
The Socket Exit can be used to cover the following: You can use exits to block all unwanted ports. I will be happy to talk with the author of this article to explain how this works.
- Not all services have exit points available.
- User defined ports do not have exit points associated.
— Tony Perera, Trinity Guard, a division of Fresche Solutions
Hey, one and all:
As the article states, exit points are an enhancement to cybersecurity on the …
June 27, 2022 Bruce Bading
Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion: they had most likely been compromised.
The IBM i platform is a very securable system that can be secured (Secure vs Secured – What’s the difference?, WikiDiff), if you take steps to secure it.
On the IBM i, a limited number of functions provide an exit so that your …
May 23, 2022 Bruce Bading
IBM i has long enjoyed a reputation of being one of the most securable application servers in the industry. IBM i object encapsulation or object-oriented architecture achieves a level of technology integrity not found in file-based systems such as Unix, Linux, and Windows – as long as QSECURITY is set to 40 or 50.
Let me remind you what one of the lead signatories on the Agile …
April 25, 2022 Bruce Bading
One of the greatest threats to any network, host, or server is unauthenticated access, where an attacker can gain local or remote access with no credentials. This can lead to a Critical rating with the following descriptions (CVSS v3.1 User Guide, first.org):
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity, and a complete loss of system protection resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render …
March 28, 2022 Bruce Bading
Many times, we hear from IBM i business owners that their SIEM – that’s short for Security Information and Event Management – is their cybersecurity solution for the IBM i. But that can’t be true, and I want to explain why it is part of the security shield but certainly not all of it.
Let’s start with SIEMs and how they fit into cybersecurity frameworks. SIEM is mentioned in the PCI appendix, but not once in the core of the 250+ PCI DSS requirements. Likewise, the NIST Cybersecurity Framework lists event monitoring as one of the 100s (1/100s) of NIST …
February 28, 2022 Bruce Bading
While there are similarities between the two, a fire marshal has a preventive role and focuses on preventing fire, whereas a fire fighter has a reactive role and focuses on putting out the smoldering ruins.
When it comes to your firm’s cybersecurity practices, would you consider yourselves to be proactive or reactive (Fire Marshal or Fire Fighter)? The biggest difference between the two is your level of vulnerability when an attack does happen.
There are ongoing practices that you can follow to reduce your risk. One thing that we recommend be included in every proactive cybersecurity strategy is a …