Day: May 18, 2022

May 2022 Newsletter

This newsletter includes:

IBM announced IBM i 7.5 with a host of new features and functions at the beginning of the month.   Plenty of security enhancements, DB2 for i enhancements, general OS improvements, DB2 Mirror for i, and of course Merlin.  Merlin stands for Modernization Engine for Lifecycle Integration.…

Do You Know Where Your Audit Journal Receivers Live on Your System?


QAUDJRN is the default IBM Security Audit Journal, located in QSYS. This is the journal name and library where user activity is logged. QAUDJRN should be configured on your system; this is how you can document your user activity. Remember, this is your evidence if you ever have a cyber-attack. The main issue with QAUDJRN is the management of the journal receivers, which can get quite large and take up disk space if not managed correctly. The default library for the audit journal receivers is QSYS. You really want to change this to give you more options to manage your receivers. When your audit journal receivers live in QSYS, your backup only saves them when you are in a restricted state and running a full option 21 or option 22 save. This can add time to your backup, and most cannot do a restricted state backup weekly or nightly. If you are not properly cleaning up your receivers, you will save the same old receivers and add time to your save. You may have an application, such as security or replication software, that will manage these for you, which is helpful. You want to look at how those applications clean up receivers and how they coincide with your backup routine.

Below are some basic steps to move your audit receivers. Remember, we are only moving receivers; the journal object QAUDJRN will always live in library QSYS. Create a library where you would like to keep them and move the receivers to that library. You can then back up your receivers anytime. Make sure the backup has a retention date for the length of time your business would like to keep them. You can also create a backup that saves just the receivers so you can restore them if you need to investigate user activity.

1. Create a Library for receivers to be restored

2. Create a new journal receiver

3. Associate the new journal receiver with the change journal command
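
The three steps above as CL, followed by a receiver-only save. This is an added example, not code from the newsletter; the library name AUDRCVLIB, the receiver name AUDRCV0001, the threshold value and the tape device TAP01 are assumptions to replace with your own.

```cl
/* Added example: AUDRCVLIB, AUDRCV0001 and TAP01 are assumed names.    */
PGM

  /* 1. Library that will hold the audit journal receivers.             */
  /*    AUT(*EXCLUDE) keeps public users away from the audit evidence.  */
  CRTLIB     LIB(AUDRCVLIB) TYPE(*PROD) AUT(*EXCLUDE) +
               TEXT('Audit journal receivers')

  /* 2. New journal receiver in that library. THRESHOLD is in KB and    */
  /*    controls when the receiver is considered full.                  */
  CRTJRNRCV  JRNRCV(AUDRCVLIB/AUDRCV0001) THRESHOLD(100000) +
               AUT(*EXCLUDE) TEXT('QAUDJRN receiver')

  /* 3. Attach the new receiver. The journal itself stays in QSYS;      */
  /*    the previously attached receiver is detached and stays where    */
  /*    it was until it is saved and deleted.                           */
  CHGJRN     JRN(QSYS/QAUDJRN) JRNRCV(AUDRCVLIB/AUDRCV0001)

  /* Receiver-only save. Because the receivers are no longer in QSYS,   */
  /*    this does not need a restricted state.                          */
  SAVOBJ     OBJ(*ALL) LIB(AUDRCVLIB) DEV(TAP01) OBJTYPE(*JRNRCV)

ENDPGM
```

Afterwards, `WRKJRNA JRN(QSYS/QAUDJRN)` shows which receiver is attached and the library it lives in.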

More from this month:

Protecting your IFS with Anti-virus and Anti-ransomware Solutions


We’ve said it before, and we will continue to say it: your IBM i may not be secure. There’s a lot of misconception about the IBM i and whether your system can become infected with a virus or ransomware attack. Let me be clear, your IBM i can get infected, and your data can be encrypted. We’ve seen it happen. We’ve done it to prove a point, and we’ve helped customers recover. It’s highly securable; however, you need to do the work to ensure adequate controls and solutions to help protect your data.

Protecting your IBM i requires a layered approach where you implement system controls, user controls, and object controls and put solutions in place to help identify potential risks and even take action to resolve them. There isn’t a one-size-fits-all solution, and there isn’t a magic bullet for getting it done. It requires some analysis and planning to ensure that the users can do what they need to, but with the least authority.

Protecting your IFS from ransomware attacks and viruses was something we thought we didn’t need to worry about with the IBM i. We thought the IBM i database was protected. It was at one time, but now the IFS creates a new vulnerability and one that people didn’t even realize existed: root shares. With a root share, someone can access the entire IBM i. That’s right, and they can get to your IBM file systems. From there, they can destroy your data.

The good news is that you can implement solutions to help protect your data from those who wish to harm your business. Raz-Lee provides both Anti-Virus and Anti-ransomware solutions for IBM i. iTech has been selling this solution to our customers to help them implement another layer of protection around their data.

Anti-virus and Anti-ransomware solve separate issues.

Viruses are malicious code that attaches itself to a file. Viruses can be automatically executed through websites or files and even spread across networks. You should never click on a link in an email from an unknown source, and even then, you need to verify it’s a credible link.

Ransomware attacks encrypt your files, and the contents of mapped drives and cloud storage, preventing you from being able to access your data. The purpose of the attack is to get you to pay for the key to decrypt your data. One customer reported …

Information Technology – Proactive or Reactive Perspectives


I’ve been working in sales and sales management roles in the IT field for my entire career. Along the way I’ve noticed there are very different perspectives on managing IT infrastructure, which boil down to two basic philosophies: Proactive and Reactive. I generally can identify which camp a company is in after an initial introduction or discovery call.

I’ll start with Reactive.

These are companies that view information technology as a necessary evil.  These are companies that focus specifically on trying to save or not spend money on technology.  They live by the classic “it ain’t broken don’t fix it” mantra. These are companies where the perspective is if something is working well then why would you want to change it?   Examples are companies where once an IT platform is set up and running it’s left alone without any proactive fixes.  These include not staying current with vendor hardware, operating systems, and software application updates. Companies with this mindset are typically reluctant to pay for software & hardware maintenance and applications software maintenance or support.  They also often roll the dice on using third-party maintenance providers to save cost. These types of companies typically do not emphasize testing backup procedures and implementing Disaster Recovery or High Availability strategies.  In the past, there was something to be said for this perspective as many companies live and die with this approach to IT.  It boils down to the cost versus the risk of managing your IT environment.  Can you live with “flaky” or intermittent software and operating system issues?  Can you sleep at night not knowing if you could recover your IT environment in the event of a disaster?  These are the thoughts that are always in the back of your head or should be.

The flip side of this is taking a proactive approach to IT technology.

Companies with this approach view information technology as a business tool to drive growth and innovation, improve productivity, and increase their competitive edge in their markets. These companies are the opposite of what was previously discussed. They stay current with hardware, software, and application updates. They are constantly improving their business processes. They have established and tested business continuity plans in the case of a disaster. They should be able to sleep well at night.

So which camp do you fall in?  The reactive crowd thinks they are saving money by not evolving …