Newsletter

Our monthly newsletter is filled with technical tidbits that will enhance your knowledge of IBM i, whether you have been working on IBM i for 30 days or 30 years.
iTech Newsletter September 2022

September 2022 Newsletter

This newsletter includes:

I guess it was just a matter of time as we all knew it was coming, eventually.  IBM i 7.3 is going out of support next year, Sept 30, 2023.  I guess the handwriting was on the wall when IBM came out with 7.5 in the spring, as they don’t normally support 3 releases of the operating system at once.  Quite honestly, I was a little surprised they kept the support that long, as I had expected once 7.5 was announced that they would drop the support for 7.3.…

August 2022 Newsletter

This newsletter includes:

Did you ever hear the saying “The more things change, the more they remain the same”?  Well, that has pretty much been our first two months as part of Service Express. Same iTech Staff, same iTech procedures, same iTech customers, and same iTech commitment to IBM i.  Don’t get me wrong, we are looking at some cool new tools to help us become more productive and efficient, but our commitment to IBM i hasn’t changed.…

June 2022 Newsletter

This newsletter includes:

As we approach the end of June, I just wanted to thank all of our customers for another great record-setting first half here at iTech Solutions. We thank you for allowing us into your environment, we know you had a choice and we are so happy you have chosen us. We take pride in our work, we love helping our customers, and we value the relationships we have with you…

May 2022 Newsletter

This newsletter includes:

IBM announced IBM i 7.5 with a host of new features and functions at the beginning of the month.   Plenty of security enhancements, DB2 for i enhancements, general OS improvements, DB2 Mirror for i, and of course Merlin.  Merlin stands for Modernization Engine for Lifecycle Integration.…

April 2022 Newsletter

This newsletter includes:

Well from reading Steve Will’s blog this month, we know the next release of IBM i is very, very close to being announced. That is great news for IBM i customers. There are a lot of really cool features that have been added to this next release, and I can’t wait to tell you all that I know on Announcement day. In fact, we will show you just how easy it is and everything you need to know to upgrade to the next release of IBM i as soon as it is announced. I think the other benefit for the whole community, is that the roadmap gets updated and we will still have at least 2 more releases of IBM i still to come out after the one this year. That pushes IBM i support probably out to around 2035ish by simple math applied to the current schedule.…

March 2022 Newsletter

This newsletter includes:

March Madness is certainly going on here at iTech.   Let me tell you what I mean by that.

First, we have had a record number of POWER Systems and SAN Storage happen this month.  We have our team all over the US installing new Power Systems and SANs.  I can see it just looking at my team’s calendars, but also in all our project plans we do with each customer during the installation process.  Depending on the configuration, options, number of partitions, etc that checklist can be anywhere from 100 to 300 steps for an installation. Each installation has its own unique project plan.  So, it’s not just the installers, it’s the project managers and the rest of the technical team.

February 2022 IBM i Security Alert

With the armed conflict in Ukraine developing, we forecast Russian and Belarussian cyber-attacks against Western nations to escalate imminently. This page will be updated as the situation unfolds.

While critical infrastructure customers are likely the most obvious targets, you need to be prepared to defend against cyber-attacks and protect your business no matter your industry. Every organization is at risk.

The following is a quick cheat sheet of proactive advice for your IBM i:

  • Ensure you have a recent and successful full system save readily available
    • On the GO SAVE menu, this happens when you take option 21.
    • If you run Backup and Recovery Media Services, ensure you have a good *SYSTEM backup.
    • If you don’t have a recent full system save then please schedule it ASAP. We can only recover what you save.
  • Download the latest Licensed Internal Code resave for all IBM i releases you are running in case the need arises for a bare-metal recovery
  • Ensure you are auditing security events on your IBM i
    • Run command DSPSECAUD to check your security auditing status
    • Federal law enforcement will want extended logging that QHST and the QSYSOPR message queues do not provide
  • Reduce the amount of read/write-capable file shares
  • Stop sharing critical IBM i directories such as
    • Root (/)
    • /QIBM
    • /QOpenSys
    • /QDLS
  • Do not share critical user data directories if at all possible
  • For all user directory file shares, ensure that proper object security is in place
    • Exclude *public
    • Only allow the users you want to allow access
  • Considerably reduce the number of users with special authorities, especially *ALLOBJ.
  • Ensure you have minimal to zero Network Address Translation rules that directly forward port traffic from your firewall to your IBM i. Do not assume. Have your network team prove this out to you well in advance.
  • Ensure you are up to date on Program Temporary Fixes (PTFs)

More generally speaking:

  • Educate your users that:
    • Foreign cybersecurity attacks are imminent and likely.
    • Any suspicious activity must be reported immediately.
    • Take precautions when opening email attachments or if asked to provide secure information over the phone/Internet

If you suspect you’ve been breached, please contact one of the following federal authorities:

  • United States:
    • Department of Homeland Security
      • Cybersecurity and Infrastructure Security Agency (CISA)
      • United States Secret Service
    • Department of Justice
      • FBI
    • If you notify any single DOJ or DHS entity, the other two are notified on your behalf. There is

February 2022 Newsletter

This newsletter includes:

We received some great Valentine’s Day gifts from our IBM i’s all over the world, I think it was how we treated them, but is it because at iTech Solutions we know what to do, when to do it, and how to do it when it comes to IBM i? That is a good reason. Just so you know, our feelings are mutual, as we love our IBM i machines as well. Maybe it was our red shirts for valentine’s day?  In either case, you know when dealing with iTech Solutions your IBM i will be in good hands.…

January 2022 Newsletter

This newsletter includes:

Well, I thought by 2022, we would be back to normal life, but unfortunately, it doesn’t seem that the start of 2022 is any different than the start of 2021. By now it is clear that both 2020 & 2021 were unprecedented years, and 2022 has already been eventful. Let’s hope that with people getting vaccines and boosters, plus with everyone catching Omicron, getting back to normal is right around the corner.  I said this last year, “It is hard to say what will happen a month from now, much less a whole year!” boy was that ever true.…

January 2022 IBM i Security Alert

Updated as of January 10, 2022 for the affected Products and Versions

On December 2021, CVE-2021-44228 was announced as a critical zero-day vulnerability and detailed the capability of remote code execution on systems using Log4j versions 2.0 through 2.15. This was one of the largest patch updates efforts in history.

IBM is regularly releasing new information on Log4j vulnerabilities and related mitigation recommendations. Other vulnerabilities have been since released, such as CVE-2021-45105, CVE-2021-4104 and CVE-2021-45046, which will also be continued to be investigated with remediation recommendations.

IBM has been publishing subsequent remediation recommendations in their PSIRT blog and security alerts.

Given that Log4j architecture has been continuously investigated over the last month there’s a lot of noise on the subject. People may think that they’re “one and done.” That is not necessarily the case. iTech Solutions will provide more clear insight on risk and remediation as new information becomes available. This blog entry will be a living document, outlining each Log4j CVE and remediation requirements as per IBM for their products.

For customers using versions of Log4j in custom applications, we would encourage you to either upgrade to the latest version of Log4j if possible or investigate different options for logging solutions for those custom applications.

There are a few different ways to determine what versions of Log4J are installed on your system:

  1. Scott Forstie has posted a handy script using IBM i Services located here. Please note that this works for IBM i 7.3 and higher. https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
  2. For 7.2 or lower, you can use the following shell script. The script posted the other day did not account for case sensitivity whereas this does:

qsh
cd /
find . -type d \( -path ./QDLS -o -path ./QFileSvr.400 -o -path ./QIMGCLG -o
-path ./QNTC -o -path ./QOPT -o -path ./QSYS.LIB -o -path ./QSYS.LIB \) -prune -o -name ‘*[lL][oO][gG]4[jJ]*’ -print

 

Vulnerability: CVE-2021-45105
Type: DoS
Description: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Severity Score: 4.3
Published: 2021-12-18
Affects IBM i: Yes
Affected Products: DB2 Web Query versions 2.2.1 and 2.3.0. IBM WebSphere Application Server versions 8.5 and 9.0.
Remediation:  https://www.ibm.com/support/pages/node/6537454, https://www.ibm.com/support/pages/node/6538148

 

Vulnerability: CVE-2021-45046

December 2021 Newsletter

These last two years have been years like no other, yet we hope this finds you and your family safe from the virus that has uprooted our daily lives.  Who really knows what the New Year has in store for us all, but just know you will be able to count on us yet again. As 2021 comes to a close, we wish to thank you for allowing iTech Solutions to be part of your team. We hope that our IBM i newsletters, Blogs, Webinars, Sips & Tricks, iTip Videos, Two-Day iAdmin Conferences, iBasics seminars, Slack Channel, and Podcasts have been educational and informative for you and that you have learned from them. We encourage your feedback on what other things we can add to make them more helpful to our customers, and others who read them. Look for even more to come this year in 2022.

We have continued our growth this year adding additional employees to improve our services as well as the breadth of our IBM i offerings. We hope that you have a happy holiday season, with good health, happiness, and prosperity in the New Year.  All of us at iTech thank you for your business, and for the confidence you have placed with us over the years.  We look forward to working together in the coming year, and we will continue to strive to exceed your expectations. Whenever we don’t, please reach out directly to me.…

Monthly Newsletter Sign Up

Our monthly newsletter is filled with technical tidbits that will enhance your knowledge of IBM i, whether you have been working on IBM i for 30 days or 30 years.

 

The topics range from how to use new features/functions, information on current PTFs, what is new for IBM i, tricks to get the most out of your IBM i, upcoming events, and more.

Subscribe to get the newsletter delivered to your inbox monthly.