iTech Solutions - for all of your IBM i System needs

IBM i Tech Tips

Posted on January 23, 2019
Steve Pitcher

Sure you can use ANZDFTPWD (Analyze Default Passwords) to get a list of IBM i users with default passwords. You can also use some simple SQL in conjunction with the USER_INFO IBM i service in QSYS2 to do the same thing…but better.

To get the standard ANZDFTPWD report you can run the following statement:

So why use SQL?

ANZDFTPWD gets you everything you really need to determine who has a default password right? Well, yes. However, ANZDFTPWD doesn’t give you the full picture or allow you to be proactive. It doesn’t gauge severity of those user profiles in the result set either. ANZDFTPWD just shows you what accounts have default passwords, if the account password is set to expire and if they’re enabled or not.

(more…)
6 Steps to Execute an IBM i Security Project
Posted on November 26, 2018

laurie_itech

Laurie LeBlanc, iTech Solutions

Regulations (FISMA, HIPPA, SOX, and more) are forcing companies to evaluate how they protect their sensitive data. Industries such as finance, insurance, and healthcare have the most pressure to comply with these regulations which are geared towards protecting consumer’s private information.  The issue is that companies may not understand how to properly secure their data to protect their consumers.

Any good security plan takes a layered approach to protect data.  You have to consider where the data resides and how someone could gain access to it.  Then you have to put controls in place to ensure that you put as many roadblocks in place as possible to prevent unauthorized access.

There are many approaches you can take to ensure you are complying with regulations and protecting your companies information.

(more…)

Posted on October 19, 2018

There is an audit log to monitor service function use by service tools users.  You can monitor the use of service functions through the dedicated service tools (DST) security log or through the IBM i security audit log. These logs help you trace unusual access patterns or potential security risks.  Below is information on how to access these logs for reference and use.

To work with the Service Tools security log, complete the following steps:

1) Access service tools using DST on the console (To force a Dedicate Service Tools (DST) sign on for a partition), you have 2 ways depending on how your console is connected.

(more…)

Posted on October 12, 2018

Steve Pitcher, iTech Solutions

If you’re looking to make improvements to your IBM i security, then you need to be able to get your whole team on the same page, which sometimes can mean common oppositions.

But, does your team know the scary truth on the other side of those rebuttals?

Here are a number of counterpoints to help you make security a priority in your shop.

1. We trust our employees

It is important to hire those you trust and to maintain relationships to continuing to vet security worthiness. However, realism is called for as well.

Do you give all employees full access keys to your manufacturing facility? Do you give them all company credit cards? How about full access to your financial systems?

(more…)

Posted on September 25, 2018

Phil Pearson, Cheif Information Security Officer

Managing a large and complex server like the IBM i, can be daunting. Add to this the fact that you may have Scaling Up/Down/In/Out, need to control High Availability and Monitoring, Patching, Manage Backups and Restores, you have to ensure the OS is kept up to date. Even the fundamentals such as security and configuration can take significant expertise.

To do this, you need the right skills, operational procedures while maintaining a best practice approach while adhering to stringent Internal/external governance.

Imagine if all you had to do is manage your database, or like many of our customers; they only have to manage Database Clients and Queries, Create Indexes and Maintain referential constraints between tables.

A managed service partner takes care of everything else; this will include:

Managed IBM i High availability using Multi-LPAR topologies, which provides an SLA up-time of 99.95%.

With the Multi-LPAR features enabled on your production server, iTech provides asynchronous “standby” replica of every database and system across multiple systems. Since both the database and its replica are in sync, there is no chance of data loss. iTech manages the whole process, and also offers a fully managed failover service, so even if the master production database goes down, an automatic failover mechanism will change the master DNS to a replica to achieve high availability.

This same technology also offers us the chance to move other workloads off the production, such as Queries and backups. This can have a huge benefit on busy production databases.

To do all of the above on IBM servers, you would need significant investment in infrastructure, software and additional off grid premises, to house the standby systems; this would be expensive, and self-managed.

IBM i scalability is difficult, to do this your own would require time, money and training. Handling mandatory downtimes due to upgrades or infrastructure requirements can be tricky, and this is just the beginning of the many scalability responsibilities. That is why one of iTech’s key advantages is its scaling service. You need more capacity to test a new feature, or you want a second system to try out a new application, we have a solution. Moreover, iTech MSP offers two levels of scalability features: vertical and horizontal.

Security Managed Services –

We enable push-button IBM i security with a scaling component depending on your needs. After a small amount of analysis, we will have turned on every inch of monitoring that is possible on the IBM i server. iTech will monitor all of your events and separate the events of the system from the Security events. This level of control allows you to sit back and wait until we have something to tell you.

Risk Management –

In a secure environment, you MUST understand the risk, and you MUST have control over the risk. The very minimum control is security event monitoring. Risk acceptance is key, but to understand the risk, you must first have a process of continuous security analysis. Imagine having around the clock operations focused on just security events. .iTech MSSP has everything you need for Security event Monitoring irrespective of peak business hours or non-peak hours, at iTech we never stop.

Interim CISO –

If you want to get to grips with your risks, or you have legislative requirements to build a bulletproof CyberSecurity model, iTech has introduced a fully inclusive cybersecurity service that requires a variety of skills. These skills include project leadership, risk management, technical expertise, and compliance. An Interim CISO (Chief Information Security Officer) is an efficient solution as they have many responsibilities for ongoing security within the organization.

This is a great alternative to an industry-wide problem without the cost of hiring an in-house security team.

Featuring:

  • A complete Information Security Audit of people, processes and technology.
  • Data Protection – creating processes and procedures for the business
  • An Information Risk Register identifying all assets and processes that could be subject to a security threats
  • Policy Creation of how risks will be evaluated and assessed while considering the business, legal and regulatory requirements of the organization.
  • A Gap Analysis Report highlighting the areas of improvement required.
  • A Security Improvement Process. This process will monitor and consistently manage security improvements within the business.

In short, we will identify and implement a fully working Risk Register. (Enterprise-wide) we will establish a Risk Committee that will be driven to work through the remediation and report to the committee weekly.

MSP_ebook

Posted on August 22, 2018

laurie_itech

Written by Laurie LeBlanc

Many companies want to improve the state of their IBM i security, but they often don’t know where to start. They also might not understand the long-term impact of recommended changes. Having a partner who can help you navigate through your security project can be the difference between success and failure. 

Let’s take a closer look at six steps to properly execute a security improvement project.

Step #1 – First seek to understand

One of the habits highly successful people practice is to first seek to understand, then seek to be understood; this applies to IT projects too. In order to successfully improve your security, you need to first understand what the state of your current security is. Many companies offer free assessments, which will evaluate your system values and compare them to industry standards for compliance.

(more…)

Posted on May 23, 2018

DANBURY, CONN. – iTech Solutions announces it has been shortlisted for a prestigious Cyber Security award. The category is for the best “Cyber Awareness Plan of the Year”. The winning plan will be presented to the world’s media at a prestigious black tie event in London on June 21st 2018, sponsored by Cyber Security Awards, a leading awards event for the cyber security industry. The Cyber Security Awards, established in 2014, reward the best individuals, teams and companies within the cyber security industry.

(more…)

Newsletters