• Guru: The Finer Points of Exit Points

  June 27, 2022 Bruce Bading

  Many years ago, we received a call from an IBM i customer stating that all exit points were gone and the QAUDJRN and receivers were missing. Then the question, “Do you think we’ve been hacked?” Truth was, the exit points weren’t gone; the associated programs had been de-registered. Conclusion, they had most likely been compromised.

  The IBM i platform is a very securable system that can be secured (Secure vs Secured – What’s the difference?, WikiDiff), if you take steps to secure it.

  On the IBM i, a limited number of functions provide an exit so that your …

  Read more

• IBM i PTF Guide, Volume 24, Number 16

  April 20, 2022 Doug Bidwell

  It is a new week, and there are two new security vulnerabilities in the IBM i platform. First, there is Security Bulletin: IBM WebSphere Application Server Liberty for IBM i is vulnerable to spoofing and clickjacking attacks due to swagger-ui (CVE-2018-25031, CVE-2021-46708), which you can read more about here. The IBM i PTF numbers containing the fix for the CVEs:

  IBM i Release      5770-SS1 PTF Number      PTF Download Link

  7.4                          SI78971                                https://www.ibm.com/support/pages/ptf/SI78971

  7.3                          SI78972                                https://www.ibm.com/support/pages/ptf/SI78972

  7.2                          SI78973                                https://www.ibm.com/support/pages/ptf/SI78973

  Then there is Security Bulletin: OpenSSL for IBM i is vulnerable to a denial of service due to a flaw in …

  Read more

• Top Five Failures In State of IBM i Security For 2022

  April 18, 2022 Alex Woodie

  HelpSystems last week officially unveiled its annual State of IBM i Security report, the 18th straight year for the series. Like with past reports, the 2022 version highlights some of the continuing challenges that IBM i customers face when trying to secure their systems. A few key areas stand out above the rest.

  The IBM i server is a bit of an enigma when it comes to security. While it is widely perceived to be one of the most secure computing platforms on the planet – and “virus-proof” to boot – the reality is that a good number of IBM …

  Read more

• Glimpsing Hope in the IBM i Security Situation

  April 6, 2022 Alex Woodie

  These are dark days in the security business, thanks to the boom in ransomware, the looming threat of cyberwar with Russia, and the poor security of IBM i servers. But just as it’s darkest before the dawn, there could be some preliminary indications that the IBM i community is finally starting to wake up when it comes to securing their most important applications, systems, and data.

  It’s hard to be optimistic in the face of repeated failures. When it comes to IBM i security, those failures have been well-documented in annual State of Security reports for nearly two decades by …

  Read more

• IBM i Community Predictions For 2022, Part 1

  January 10, 2022 Alex Woodie

  While the month and year ostensibly are just values in the date field, when the calendar flips over from December to January, things feel different. There’s a greater sense of hope and optimism for what the new year will bring. Coming off another calamitous year filled with COVID-19, perhaps it’s we need that even more so this year.

  It has become an IT Jungle tradition to ask members of the IBM i community at the start of the year for their predictions. This year is no different, and so we’ll kick off the first part of our (most likely) two-part …

  Read more

• Security Threats, They Are a Changin’

  November 17, 2021 Alex Woodie

  Ransomware came into 2021 like a lion, but rather than going out like a lamb, it seemed to get bigger and meaner. Even IBM i shops, which so often are protected from the wider security storm, felt the panic and sense of helplessness of having their previous data held for ransom. But early indications are that the security threat we’re talking about this time next year may be entirely different.

  It’s tough to overestimate the impact that ransomware had on American businesses and other institutions through the course of the year. We had indications that something big was unfolding a …

  Read more

• Want to Talk IBM i OSS? Head Up the Ryver

  September 1, 2021 Alex Woodie

  The world of open source moves quickly, and it’s no different on the IBM i platform, where open source is being rapidly adopted by companies large and small. IBM i professionals who want to keep up to speed with the latest may want to check out a community of IBM i open source enthusiasts that was created on Ryver.

  Ryver (pronounced “river”) is a next-gen communications portal that’s taking on Slack, Microsoft Teams, and others. Like chatrooms and mailing lists, Ryver allows people to have open discussions, as well as private chats and focused conversations. There is also the …

  Read more

• One IBM i Shop’s Close Call With Ransomware

  July 28, 2021 Alex Woodie

  Think the ransomware epidemic won’t affect you, that it’s somebody else’s problem? After reading this story about one IBM i shop’s recent experience with cybercriminals, it may have you thinking twice about your approach to security.

  Greg is the IT manager at a midsize distribution company located in the South. IT Jungle is abiding by his request to keep his last name and the name of his company out of this article. But Greg was determined to share his story with the wider IBM i community, in the hopes that it will spur them to take the ransomware threat seriously, …

  Read more

• Controlling IBM i Access With Exit Points

  March 29, 2021 Bill Hammond

  Today, the job of managing security on IBM i can be complicated, requiring dynamic technologies and processes that can respond quickly to ever-evolving threats and new regulations. Ransomware and other malware can, and has, infected IBM i systems and effective access control is a major weapon in the battle to secure your IBM i. There are many different approaches and technologies you can use to keep your IBM i secure.

  Using the exit points provided by the IBM i operating system can be a powerful tool to monitor and secure four important levels of access within the IBM i:

  • Networks

  …

  Read more

• Locking Down Exit Point And IFS Vulnerabilities On IBM i

  March 24, 2021 Pauline Brazil Ayala

  It’s true that the IBM i server is among the most securable servers on the planet. But all too often, customers do not take the time to secure their environments properly. This is particularly true for two of the most oft-neglected components of the IBM i environment: exit points and the IFS.

  IBM introduced exit points with the launch of OS/400 V3R1 way back in 1994. We remember that version well here at Trinity Guard, because soon after that, we developed the industry’s first exit point monitoring software for the AS/400 at PentaSafe, the spiritual predecessor of our company. …

  Read more

Previous Articles