Day: June 22, 2021

Advanced Security Testing: Moving to Standardized Security Testing

We have been talking about routine vectors that can be exploited to access any system, including IBM i via the IFS. Importantly, as environments have become more multifaceted, other areas of the business may be vulnerable as well. Protecting the organization requires a testing approach that accounts for every factor that can breach our security. In the next set of articles we are going to look at advanced security tests and how to organize them.

It is important to always begin by assessing what we care about and why, how we are doing things today, and what existing procedures we have already identified.


Testing is all about mitigating risk, since we can never eliminate it entirely, and reporting the residual risk to the stakeholders so that informed decisions can be made. Building on the general risk management covered earlier, we move into security risk assessments. Start with what is important to the business: its mission, functions, image, and reputation. An irony of QA is that some of the issues with the least impact on the actual business and its customers are the most embarrassing, while the ones nobody ever sees are the most damaging. We want to know what can hurt our assets, our people, other entities, and so on.


Next, we need to link these areas to loss of confidentiality, integrity, information, or system access.


Organizing the above involves a matrix that combines the impact of a risk with the importance of the affected artifact. From there we move into the existing security policies and procedures. Knowing what we believe we are protecting and preventing, and proving that belief correct, is tremendously important for a baseline. The business needs to define policies for acceptable use, minimum access, network access, remote access, internet access, user management, data protection and classification, configuration and change management, server security, mobile devices, guests, physical security, user practices (don’t put passwords under your keyboard), passwords (long beats difficult, and changing often isn’t proven to make an appreciable difference), malware protection, incident handling, auditing, software licensing (out-of-date software is a known danger), electronic monitoring and privacy, and security procedures. The list seems daunting; however, if we use that last sentence as the way to organize our efforts, the overall test plan starts to look like an elephant we can eat, albeit one bite at a time.
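As an added illustration (not code from the original article), here is a small risk matrix in Python that scores each asset by the worst of its confidentiality, integrity and system-access loss impacts, weighted by the asset's importance, and then orders the policy areas listed above so the test plan can be worked one bite at a time. The asset inventory, ratings and policy mappings are constructed sample data, and the 1-3 scales are an assumption.

```python
"""Added example, not code from the original article: a security-risk matrix
that scores each asset by the worst impact of losing confidentiality, integrity
or system access, weighted by the asset's importance, and then orders the policy
areas whose controls need testing. All asset data below is constructed."""
from dataclasses import dataclass, field

IMPACT = {"low": 1, "medium": 2, "high": 3}                    # impact of a loss event
IMPORTANCE = {"peripheral": 1, "supporting": 2, "mission": 3}  # value to the business


@dataclass
class Asset:
    name: str
    importance: str       # key into IMPORTANCE
    confidentiality: str  # impact if confidentiality is lost (key into IMPACT)
    integrity: str        # impact if integrity is lost
    availability: str     # impact if system access is lost
    policy_areas: list = field(default_factory=list)  # policies whose controls cover it


def risk_score(a: Asset) -> int:
    """Matrix cell: worst of the three loss impacts (1-3) times importance (1-3)."""
    worst = max(IMPACT[a.confidentiality], IMPACT[a.integrity], IMPACT[a.availability])
    return worst * IMPORTANCE[a.importance]


def prioritized_test_plan(assets):
    """Assets ranked highest risk first, each with the policy areas to test."""
    ranked = sorted(assets, key=lambda a: (-risk_score(a), a.name))
    return [(a.name, risk_score(a), sorted(a.policy_areas)) for a in ranked]


def areas_by_priority(assets):
    """Policy areas ordered by the riskiest asset depending on them: the bites."""
    worst = {}
    for a in assets:
        for area in a.policy_areas:
            worst[area] = max(worst.get(area, 0), risk_score(a))
    return sorted(worst, key=lambda area: (-worst[area], area))


# Constructed sample inventory (not real systems).
SAMPLE_ASSETS = [
    Asset("IFS customer-data share", "mission", "high", "medium", "medium",
          ["data protection and classification", "server security", "malware protection"]),
    Asset("Remote access VPN", "supporting", "medium", "low", "high",
          ["remote access", "password policy", "minimum access"]),
    Asset("Dev/test server", "supporting", "low", "medium", "low",
          ["configuration and change management", "software licensing"]),
    Asset("Guest Wi-Fi", "peripheral", "low", "low", "medium",
          ["guests", "network access"]),
]
```

Calling `areas_by_priority(SAMPLE_ASSETS)` gives the order in which to test the policy areas; `prioritized_test_plan(SAMPLE_ASSETS)` gives the per-asset view for stakeholders.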

The next entry covers the auditing component.

POWER9 Install LAN Console Bug

Here is a quick heads up if you are planning to install a POWER9 system using LAN console.

A major bug was found in Client Access Solutions 1.1.8.7 recently that prevents you from establishing LAN console sessions on systems where the SSL certificate has not been accepted yet. This is especially troublesome when the system has just been pulled out of the box and you cannot proceed with configuring it. Details of this problem and the solution can be found here.

To make matters even worse, there is now another bug that is preventing LAN console from connecting on new systems.

On recently shipped POWER9 systems there is a defective A side PTF that is preventing LAN console sessions from being established. The message ID that shows up is MSGSSL001. This is very similar to the error above, but that message ID is MSGSSL002. The simple solution to this problem is to shut the system down, change the control panel to boot from the B side, and then start the system again. You will then likely run into message ID MSGSSL002 if you’re using ACS 1.1.8.7, and then you’ll need to use the above workaround.

Be sure to pass this information along to any friends or co-workers who may be setting up a system soon. This will make their day much brighter!


PWRDWNSYS Taking Forever After a Full System Save?

Quite frequently we encounter customers who explain to us that when they execute a PWRDWNSYS (Power Down System) command immediately following a full system save, the system appears to “hang” and takes forever to power down.

The scenario is always the same: they did a full system save (for example, a GO SAVE option #21) and, as soon as the full save completed, invoked the PWRDWNSYS command (with either RESTART(*YES) or RESTART(*NO) specified; it doesn’t matter). The system then appears to “hang”, displaying the SRC code “D6000298” for the partition for an extended period of time. Once the SRC code disappears, the system powers down shortly thereafter.

We see this condition primarily on systems that have a large number of objects in the IFS (often, in the millions!) and large amounts of main memory allocated to the system/LPAR.

So, why does this happen? It happens by design, and here’s why…


Save operations on IBM i change pages in main system memory, and once a page in main memory has been changed by the save operation it needs to be written back out to disk so the change isn’t lost if the system is shut down. If you are backing up an IFS that has millions of files in it, then when the save of the IFS finishes you may well have millions of changed pages sitting in main system memory that must be written back out to disk before the system can be safely shut down; this is integral to the storage management architecture of IBM i. The SRC code “D6000298” comes from the storage management function and signifies that the system is doing its job: moving pages from main storage (main memory) back out to disk.

Now, how can you speed up your system’s power-downs after you do a full save?


Well, the first way is obvious: simply avoid invoking the PWRDWNSYS command immediately after you save your system, especially when your system has a large number of files in the IFS, but that isn’t always a practical (or realistic) resolution. The most effective approach is to have storage management use a faster method to move all those changed pages in main memory back out to disk before the PWRDWNSYS command executes, and that …

Evaluating the State of Your IBM i Security

We are all aware of the Colonial Pipeline and JBS ransomware attacks recently reported in the news. Ransomware is a significant threat to businesses around the world. The problem isn’t that people don’t consider the risks; it’s that they don’t know for sure whether they are protected. They put controls in place but don’t take steps to ensure that those controls are adequate, leaving them with a false sense of security.

Some companies are bigger targets than others, but there is no denying that the threat is real and that any company can be affected. According to Check Point Research, ransomware attacks are up 300% in the past nine months. We have had to recover as many companies’ IBM i environments in 2021 due to ransomware attacks as we did in all of 2020. Luckily, these companies had good backups and lost only a small amount of data. Now they are serious about investing in security remediation, but the damage is done…